From 79740a2c77ad5c9b048e094cc164fd0129aba16a Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 14 Dec 2010 21:18:40 -0800 Subject: Move photo/movie file extension validation into the model. Fixes #1524. --- modules/gallery/tests/Item_Model_Test.php | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 264a2128..1e6d54d0 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -431,4 +431,27 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { preg_match("|http://./var/thumbs/name_\d+/\.album\.jpg\?m=\d+|", $album->thumb_url()), $album->thumb_url() . " is malformed"); } + + public function legal_extension_test() { + foreach (array("test.gif", "test.GIF", "test.Gif", "test.jpeg", "test.JPG") as $name) { + $photo = test::random_photo_unsaved(item::root()); + $photo->name = $name; + $photo->save(); + } + } + + public function illegal_extension_test() { + foreach (array("test.php", "test.PHP", "test.php5", "test.php4", "test.pl") as $name) { + try { + $photo = test::random_photo_unsaved(item::root()); + $photo->name = $name; + $photo->save(); + } catch (ORM_Validation_Exception $e) { + $this->assert_equal(array("name" => "illegal_data_file_extension"), + $e->validation->errors()); + continue; + } + $this->assert_true(false, "Shouldn't get here"); + } + } } -- cgit v1.2.3 From 18470a60012b8ab48b8c2a6a94673b69500de4a7 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 15 Dec 2010 12:07:02 -0800 Subject: Clean up xss golden file as a follow-on to 945e79b17182f7c96eb4b566bd41d26b5f8c4288 for #1478. --- modules/gallery/tests/xss_data.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 0345df96..bd72509c 100644 
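Review bot: In `illegal_extension_test` the fall-through assertion `$this->assert_true(false, "Shouldn't get here")` does not say which file name was accepted, so a regression in the extension check would be reported without the offending input; `$this->assert_true(false, "$name should have been rejected");` keeps that evidence in the failure. Both tests only set the name before the first `save()`. The rule itself lives in the model, which is not part of this hunk, so whether renaming an already-saved photo goes through the same check cannot be confirmed from here and deserves its own case. `legal_extension_test` has no assertion and passes only by not throwing, which is worth a one-line comment such as `// save() throws ORM_Validation_Exception on an illegal extension`.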
--- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -43,8 +43,8 @@ modules/digibug/views/digibug_form.html.php 6 DIRTY form:: modules/exif/views/exif_dialog.html.php 14 DIRTY $details[$i]["caption"] modules/exif/views/exif_dialog.html.php 21 DIRTY $details[$i]["caption"] modules/g2_import/views/admin_g2_import.html.php 9 DIRTY $form -modules/gallery/views/admin_advanced_settings.html.php 20 DIRTY_ATTR text::alternate("g-odd","g-even") -modules/gallery/views/admin_advanced_settings.html.php 21 DIRTY $var->module_name +modules/gallery/views/admin_advanced_settings.html.php 21 DIRTY_ATTR text::alternate("g-odd","g-even") +modules/gallery/views/admin_advanced_settings.html.php 22 DIRTY $var->module_name modules/gallery/views/admin_block_log_entries.html.php 4 DIRTY_ATTR log::severity_class($entry->severity) modules/gallery/views/admin_block_log_entries.html.php 8 DIRTY_JS user_profile::url($entry->user->id) modules/gallery/views/admin_block_log_entries.html.php 10 DIRTY gallery::date_time($entry->timestamp) -- cgit v1.2.3 From ff4c930338a80a7a5eb220f539aac1f06c748bc4 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 15 Dec 2010 12:08:56 -0800 Subject: Clean up golden file as a follow-on to 3c523bcac6e902973c5891c02842254eaecd33a4 for #1499. --- modules/gallery/tests/xss_data.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index bd72509c..7c5e803d 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt 
@@ -260,8 +260,8 @@ modules/gallery/views/upgrader.html.php 123 DIRTY_ATTR $don modules/gallery/views/user_languages_block.html.php 2 DIRTY form::dropdown("g-select-session-locale",$installed_locales,$selected) modules/gallery/views/user_profile.html.php 34 DIRTY_ATTR $user->avatar_url(40,$theme->url(,true)) modules/gallery/views/user_profile.html.php 43 DIRTY $info->view -modules/image_block/views/image_block_block.html.php 3 DIRTY_JS $item->url() -modules/image_block/views/image_block_block.html.php 4 DIRTY $item->thumb_img(array("class"=>"g-thumbnail")) +modules/image_block/views/image_block_block.html.php 4 DIRTY_JS $item->url() +modules/image_block/views/image_block_block.html.php 5 DIRTY $item->thumb_img(array("class"=>"g-thumbnail")) modules/info/views/info_block.html.php 22 DIRTY gallery::date_time($item->captured) modules/info/views/info_block.html.php 29 DIRTY_JS $item->owner->url modules/notification/views/comment_published.html.php 28 DIRTY_JS $comment->item()->abs_url() -- cgit v1.2.3 From 6fb0eb4e97e3bbfa50029f0b4249c10bd22abe09 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 15 Dec 2010 12:24:31 -0800 Subject: Follow on to d2be26e407aeb620082bcad2d5a45272868b38a1 to update the unit tests to reflect the proper type filtering for #1503. --- modules/gallery/tests/Items_Rest_Helper_Test.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/tests/Items_Rest_Helper_Test.php b/modules/gallery/tests/Items_Rest_Helper_Test.php index 8e53110a..49e77876 100644 --- a/modules/gallery/tests/Items_Rest_Helper_Test.php +++ b/modules/gallery/tests/Items_Rest_Helper_Test.php 
@@ -65,21 +65,21 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { $request = new stdClass(); $request->params = new stdClass(); $request->params->urls = json_encode(array( - rest::url("item", $photo1), - rest::url("item", $album2))); + rest::url("item", $photo2), + rest::url("item", $album1))); $request->params->type = "album"; $this->assert_equal_array( array( - array("url" => rest::url("item", $album2), - "entity" => $album2->as_restful_array(), + array("url" => rest::url("item", $album1), + "entity" => $album1->as_restful_array(), "relationships" => array( "comments" => array( - "url" => rest::url("item_comments", $album2)), + "url" => rest::url("item_comments", $album1)), "tags" => array( - "url" => rest::url("item_tags", $album2), + "url" => rest::url("item_tags", $album1), "members" => array())), "members" => array( - rest::url("item", $photo2)))), + rest::url("item", $album2)))), items_rest::get($request)); } -- cgit v1.2.3 From 45c63f4d118bfc99924edb8685442035349af6db Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 15 Dec 2010 12:48:56 -0800 Subject: Use mt_rand() instead of rand() since it provides better portability. Fixes #1527. --- installer/installer.php | 4 +-- modules/digibug/controllers/digibug.php | 2 +- modules/digibug/tests/Digibug_Controller_Test.php | 2 +- modules/gallery/controllers/upgrader.php | 2 +- modules/gallery/helpers/access.php | 2 +- modules/gallery/helpers/block_manager.php | 2 +- modules/gallery/helpers/gallery_installer.php | 4 +-- modules/gallery/models/item.php | 4 +-- modules/gallery/tests/Albums_Controller_Test.php | 2 +- modules/gallery/tests/Cache_Test.php | 30 +++++++++++------------ modules/gallery/tests/Item_Helper_Test.php | 2 +- modules/gallery/tests/Item_Model_Test.php | 4 +-- modules/gallery_unit_test/helpers/test.php | 12 ++++----- modules/rest/helpers/rest_event.php | 6 ++--- 14 files changed, 39 insertions(+), 39 deletions(-) (limited to 'modules/gallery/tests') 
diff --git a/installer/installer.php b/installer/installer.php index 9a957b43..7d358e70 100644 --- a/installer/installer.php +++ b/installer/installer.php @@ -138,7 +138,7 @@ class installer { $char += ($char > 90) ? 13 : ($char > 57) ? 7 : 0; $salt .= chr($char); } - $password = substr(md5(time() * rand()), 0, 6); + $password = substr(md5(time() . mt_rand()), 0, 6); // Escape backslash in preparation for our UPDATE statement. $hashed_password = str_replace("\\", "\\\\", $salt . md5($salt . $password)); $sql = self::prepend_prefix($config["prefix"], @@ -152,7 +152,7 @@ class installer { } static function create_admin_session($config) { - $session_id = md5(time() * rand()); + $session_id = md5(time() . mt_rand()); $user_agent = $_SERVER["HTTP_USER_AGENT"]; $user_agent_len = strlen($user_agent); $now = time(); diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php index 88d1ace0..a9e49de7 100644 --- a/modules/digibug/controllers/digibug.php +++ b/modules/digibug/controllers/digibug.php @@ -28,7 +28,7 @@ class Digibug_Controller extends Controller { $thumb_url = $item->thumb_url(true); } else { $proxy = ORM::factory("digibug_proxy"); - $proxy->uuid = md5(rand()); + $proxy->uuid = md5(mt_rand()); $proxy->item_id = $item->id; $proxy->save(); $full_url = url::abs_site("digibug/print_proxy/full/$proxy->uuid"); diff --git a/modules/digibug/tests/Digibug_Controller_Test.php b/modules/digibug/tests/Digibug_Controller_Test.php index 19a3f9da..6f9e20df 100644 --- a/modules/digibug/tests/Digibug_Controller_Test.php +++ b/modules/digibug/tests/Digibug_Controller_Test.php @@ -36,7 +36,7 @@ class Digibug_Controller_Test extends Gallery_Unit_Test_Case { access::deny(identity::registered_users(), "view_full", $album); $proxy = ORM::factory("digibug_proxy"); - $proxy->uuid = md5(rand()); + $proxy->uuid = md5(mt_rand()); $proxy->item_id = $photo->id; return $proxy->save(); } 
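Review bot: The admin password and the session id in both `installer.php` hunks are still derived from `time()` and `mt_rand()`, neither of which is a cryptographically secure source: `time()` is guessable to the second and Mersenne Twister output is predictable once its state is known. The password is additionally cut to six hex characters by `substr(md5(...), 0, 6)`, which leaves about 16.7 million candidates. The same construction is used for the upgrade token in `upgrader.php`, the CSRF token in `access.php` and the REST access keys in the three `rest_event.php` hunks. Where PHP 5.3+ with the openssl extension is available, these values could come from `bin2hex(openssl_random_pseudo_bytes(16))`, and the generated password should keep more than six characters. Both enclosing functions continue outside the hunks.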
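Review bot: `$proxy->uuid = md5(mt_rand())` in `digibug.php` hashes a single integer, so the uuid can take at most `mt_getrandmax() + 1` distinct values however long the MD5 string looks. The context line after it builds `digibug/print_proxy/full/$proxy->uuid`, so the uuid appears to be the only secret in that URL; whether the proxy controller applies any further check is not visible here. Unlike the `upgrader.php` and `access.php` hunks, this call did not gain `time()`, and it would be better served by a CSPRNG-backed value of at least 128 bits. The copy in `Digibug_Controller_Test.php` is test data and needs no change.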
diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php index b2646874..50f6b8f0 100644 --- a/modules/gallery/controllers/upgrader.php +++ b/modules/gallery/controllers/upgrader.php @@ -23,7 +23,7 @@ class Upgrader_Controller extends Controller { // Make sure we have an upgrade token if (!($upgrade_token = $session->get("upgrade_token", null))) { - $session->set("upgrade_token", $upgrade_token = md5(rand())); + $session->set("upgrade_token", $upgrade_token = md5(time() . mt_rand())); } // If the upgrade token exists, then bless this session diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 0b0dcbc1..6a948999 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -426,7 +426,7 @@ class access_Core { $session = Session::instance(); $csrf = $session->get("csrf"); if (empty($csrf)) { - $csrf = md5(rand()); + $csrf = md5(time() . mt_rand()); $session->set("csrf", $csrf); } return $csrf; diff --git a/modules/gallery/helpers/block_manager.php b/modules/gallery/helpers/block_manager.php index 2237b702..e7247edc 100644 --- a/modules/gallery/helpers/block_manager.php +++ b/modules/gallery/helpers/block_manager.php @@ -28,7 +28,7 @@ class block_manager_Core { static function add($location, $module_name, $block_id) { $blocks = block_manager::get_active($location); - $blocks[rand()] = array($module_name, $block_id); + $blocks[mt_rand()] = array($module_name, $block_id); block_manager::set_active($location, $blocks); } diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index 3d82bc69..9c42caad 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php 
@@ -459,7 +459,7 @@ class gallery_installer { $blocks = block_manager::get_active($location); $new_blocks = array(); foreach ($blocks as $block) { - $new_blocks[rand()] = $block; + $new_blocks[mt_rand()] = $block; } block_manager::set_active($location, $new_blocks); } @@ -507,7 +507,7 @@ class gallery_installer { ->execute() as $row) { $new_slug = item::convert_filename_to_slug($row->slug); if (empty($new_slug)) { - $new_slug = rand(); + $new_slug = mt_rand(); } db::build() ->update("items") diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index a4d24b8f..b6713fc3 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -390,7 +390,7 @@ class Item_Model_Core extends ORM_MPTT { if (file_exists($this->resize_path()) || file_exists($this->thumb_path())) { $pi = pathinfo($this->name); - $this->name = $pi["filename"] . "-" . rand() . "." . $pi["extension"]; + $this->name = $pi["filename"] . "-" . mt_rand() . "." . $pi["extension"]; parent::save(); } @@ -512,7 +512,7 @@ class Item_Model_Core extends ORM_MPTT { ->or_where("slug", "=", $this->slug) ->close() ->find()->id) { - $rand = rand(); + $rand = mt_rand(); if ($base_ext) { $this->name = "$base_name-$rand.$base_ext"; } else { diff --git a/modules/gallery/tests/Albums_Controller_Test.php b/modules/gallery/tests/Albums_Controller_Test.php index 6c64394d..86c74890 100644 --- a/modules/gallery/tests/Albums_Controller_Test.php +++ b/modules/gallery/tests/Albums_Controller_Test.php @@ -31,7 +31,7 @@ class Albums_Controller_Test extends Gallery_Unit_Test_Case { $album = test::random_album(); // Randomize to avoid conflicts. - $new_name = "new_name_" . rand(); + $new_name = "new_name_" . mt_rand(); $_POST["name"] = $new_name; $_POST["title"] = "new title"; diff --git a/modules/gallery/tests/Cache_Test.php b/modules/gallery/tests/Cache_Test.php index e8d8b6f4..6cee2862 100644 --- a/modules/gallery/tests/Cache_Test.php +++ b/modules/gallery/tests/Cache_Test.php 
@@ -27,7 +27,7 @@ class Cache_Test extends Gallery_Unit_Test_Case { public function cache_exists_test() { $this->assert_false($this->_driver->exists("test_key"), "test_key should not be defined"); - $id = md5(rand()); + $id = md5(mt_rand()); db::build() ->insert("caches") ->columns("key", "tags", "expiration", "cache") @@ -38,7 +38,7 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_get_test() { - $id = md5(rand()); + $id = md5(mt_rand()); db::build() ->insert("caches") @@ -54,7 +54,7 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_set_test() { - $id = md5(rand()); + $id = md5(mt_rand()); $original_data = array("field1" => "value1", "field2" => "value2"); $this->_driver->set(array($id => $original_data), array("tag1", "tag2"), 84600); @@ -63,15 +63,15 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_get_tag_test() { - $id1 = md5(rand()); + $id1 = md5(mt_rand()); $value1 = array("field1" => "value1", "field2" => "value2"); $this->_driver->set(array($id1 => $value1), array("tag1", "tag2"), 84600); - $id2 = md5(rand()); + $id2 = md5(mt_rand()); $value2 = array("field3" => "value3", "field4" => "value4"); $this->_driver->set(array($id2 => $value2), array("tag2", "tag3"), 84600); - $id3 = md5(rand()); + $id3 = md5(mt_rand()); $value3 = array("field5" => "value5", "field6" => "value6"); $this->_driver->set(array($id3 => $value3), array("tag3", "tag4"), 84600); 
@@ -86,15 +86,15 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_delete_id_test() { - $id1 = md5(rand()); + $id1 = md5(mt_rand()); $value1 = array("field1" => "value1", "field2" => "value2"); $this->_driver->set(array($id1 => $value1), array("tag1", "tag2"), 84600); - $id2 = md5(rand()); + $id2 = md5(mt_rand()); $value2 = array("field3" => "value3", "field4" => "value4"); $this->_driver->set(array($id2 => $value2), array("tag2", "tag3"), 846000); - $id3 = md5(rand()); + $id3 = md5(mt_rand()); $value3 = array("field5" => "value5", "field6" => "value6"); $this->_driver->set(array($id3 => $value3), array("tag3", "tag4"), 84600); @@ -106,15 +106,15 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_delete_tag_test() { - $id1 = md5(rand()); + $id1 = md5(mt_rand()); $value1 = array("field1" => "value1", "field2" => "value2"); $this->_driver->set(array($id1 => $value1), array("tag1", "tag2"), 84600); - $id2 = md5(rand()); + $id2 = md5(mt_rand()); $value2 = array("field3" => "value3", "field4" => "value4"); $this->_driver->set(array($id2 => $value2), array("tag2", "tag3"), 846000); - $id3 = md5(rand()); + $id3 = md5(mt_rand()); $value3 = array("field5" => "value5", "field6" => "value6"); $this->_driver->set(array($id3 => $value3), array("tag3", "tag4"), 84600); @@ -126,15 +126,15 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_delete_all_test() { - $id1 = md5(rand()); + $id1 = md5(mt_rand()); $value1 = array("field1" => "value1", "field2" => "value2"); $this->_driver->set(array($id1 => $value1), array("tag1", "tag2"), 84600); - $id2 = md5(rand()); + $id2 = md5(mt_rand()); $value2 = array("field3" => "value3", "field4" => "value4"); $this->_driver->set(array($id2 => $value2), array("tag2", "tag3"), 846000); - $id3 = md5(rand()); + $id3 = md5(mt_rand()); $value3 = array("field5" => "value5", "field6" => "value6"); $this->_driver->set(array($id3 => $value3), array("tag3", "tag4"), 84600); 
diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index eb2458cb..c93cc239 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php @@ -92,7 +92,7 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { } public function move_conflicts_result_in_a_rename_test() { - $rand = rand(); + $rand = mt_rand(); $photo1 = test::random_photo_unsaved(item::root()); $photo1->name = "{$rand}.jpg"; $photo1->slug = (string)$rand; diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 1e6d54d0..0d6d10af 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -278,10 +278,10 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { public function basic_validation_test() { $item = ORM::factory("item"); - $item->album_cover_item_id = rand(); // invalid + $item->album_cover_item_id = mt_rand(); // invalid $item->description = str_repeat("x", 70000); // invalid $item->name = null; - $item->parent_id = rand(); + $item->parent_id = mt_rand(); $item->slug = null; $item->sort_column = "bogus"; $item->sort_order = "bogus"; diff --git a/modules/gallery_unit_test/helpers/test.php b/modules/gallery_unit_test/helpers/test.php index 1be82a74..d5149492 100644 --- a/modules/gallery_unit_test/helpers/test.php +++ b/modules/gallery_unit_test/helpers/test.php @@ -19,7 +19,7 @@ */ class test_Core { static function random_album_unsaved($parent=null) { - $rand = rand(); + $rand = mt_rand(); $album = ORM::factory("item"); $album->type = "album"; @@ -34,7 +34,7 @@ class test_Core { } static function random_photo_unsaved($parent=null) { - $rand = rand(); + $rand = mt_rand(); $photo = ORM::factory("item"); $photo->type = "photo"; $photo->parent_id = $parent ? $parent->id : 1; 
@@ -49,16 +49,16 @@ class test_Core { } static function random_user($password="password") { - $rand = "name_" . rand(); + $rand = "name_" . mt_rand(); return identity::create_user($rand, $rand, $password, "$rand@rand.com"); } static function random_group() { - return identity::create_group((string)rand()); + return identity::create_group((string)mt_rand()); } static function random_name($item=null) { - $rand = "name_" . rand(); + $rand = "name_" . mt_rand(); if ($item && $item->is_photo()) { $rand .= ".jpg"; } @@ -77,7 +77,7 @@ class test_Core { static function random_tag() { $tag = ORM::factory("tag"); - $tag->name = (string)rand(); + $tag->name = (string)mt_rand(); // Reload so that ORM coerces all fields into strings. return $tag->save()->reload(); diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php index d8c69e94..4d7a4a1b 100644 --- a/modules/rest/helpers/rest_event.php +++ b/modules/rest/helpers/rest_event.php @@ -43,7 +43,7 @@ class rest_event { static function user_add_form_admin_completed($user, $form) { $key = ORM::factory("user_access_key"); $key->user_id = $user->id; - $key->access_key = md5($user->name . rand()); + $key->access_key = md5($user->name . time() . mt_rand()); $key->save(); } @@ -64,7 +64,7 @@ class rest_event { if (!$key->loaded()) { $key->user_id = $user->id; - $key->access_key = md5($user->name . rand()); + $key->access_key = md5($user->name . time() . mt_rand()); $key->save(); } @@ -93,7 +93,7 @@ class rest_event { if (!$key->loaded()) { $key->user_id = $data->user->id; - $key->access_key = md5($data->user->name . rand()); + $key->access_key = md5($data->user->name . time() . mt_rand()); $key->save(); } $view->rest_key = $key->access_key; -- cgit v1.2.3 From cd48b89f3166e7fa732b5cb06d33fba018af9127 Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Wed, 15 Dec 2010 14:57:00 -0800 Subject: Consolidate all the random code into a random helper that offers: random::hash() random::string() random::percent() random::int() So that we don't have lots of different ways to get random values all over the code. Follow-on to #1527. --- modules/digibug/controllers/digibug.php | 2 +- modules/digibug/tests/Digibug_Controller_Test.php | 2 +- modules/gallery/controllers/upgrader.php | 2 +- modules/gallery/helpers/access.php | 2 +- modules/gallery/helpers/block_manager.php | 2 +- modules/gallery/helpers/gallery_installer.php | 4 +- modules/gallery/helpers/item.php | 2 +- modules/gallery/helpers/random.php | 50 +++++++++++++++++++++++ modules/gallery/models/item.php | 6 +-- modules/gallery/tests/Albums_Controller_Test.php | 2 +- modules/gallery/tests/Cache_Test.php | 30 +++++++------- modules/gallery/tests/Item_Helper_Test.php | 2 +- modules/gallery/tests/Item_Model_Test.php | 14 +++---- modules/gallery_unit_test/helpers/test.php | 12 +++--- modules/rest/helpers/rest.php | 2 +- modules/rest/helpers/rest_event.php | 6 +-- modules/user/controllers/password.php | 2 +- 17 files changed, 96 insertions(+), 46 deletions(-) create mode 100644 modules/gallery/helpers/random.php (limited to 'modules/gallery/tests') diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php index a9e49de7..bc0c7c5e 100644 --- a/modules/digibug/controllers/digibug.php +++ b/modules/digibug/controllers/digibug.php @@ -28,7 +28,7 @@ class Digibug_Controller extends Controller { $thumb_url = $item->thumb_url(true); } else { $proxy = ORM::factory("digibug_proxy"); - $proxy->uuid = md5(mt_rand()); + $proxy->uuid = random::hash(); $proxy->item_id = $item->id; $proxy->save(); $full_url = url::abs_site("digibug/print_proxy/full/$proxy->uuid"); diff --git a/modules/digibug/tests/Digibug_Controller_Test.php b/modules/digibug/tests/Digibug_Controller_Test.php index 6f9e20df..d331b0ae 100644 
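Review bot: Every security token touched by this commit now depends on `random::hash()`, but the body of the new `modules/gallery/helpers/random.php` did not survive on this page, so its entropy source cannot be reviewed here. The callers are the proxy uuid in this hunk, the upgrade token in `upgrader.php`, the CSRF token in `access.php`, the REST keys in `rest.php` and `rest_event.php`, and the reset hash in `password.php`. If the helper still wraps `mt_rand()` and `time()` in `md5()`, this consolidation is the right place to switch to a cryptographically secure generator once for all of them. A docblock on `random::hash()` should state whether its output is meant for secrets or only for uniqueness, e.g. `@return string 32 hex characters, suitable for session and CSRF tokens`.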
--- a/modules/digibug/tests/Digibug_Controller_Test.php +++ b/modules/digibug/tests/Digibug_Controller_Test.php @@ -36,7 +36,7 @@ class Digibug_Controller_Test extends Gallery_Unit_Test_Case { access::deny(identity::registered_users(), "view_full", $album); $proxy = ORM::factory("digibug_proxy"); - $proxy->uuid = md5(mt_rand()); + $proxy->uuid = random::hash(); $proxy->item_id = $photo->id; return $proxy->save(); } diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php index 50f6b8f0..66c71648 100644 --- a/modules/gallery/controllers/upgrader.php +++ b/modules/gallery/controllers/upgrader.php @@ -23,7 +23,7 @@ class Upgrader_Controller extends Controller { // Make sure we have an upgrade token if (!($upgrade_token = $session->get("upgrade_token", null))) { - $session->set("upgrade_token", $upgrade_token = md5(time() . mt_rand())); + $session->set("upgrade_token", $upgrade_token = random::hash()); } // If the upgrade token exists, then bless this session diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 6a948999..a7ac3f9f 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -426,7 +426,7 @@ class access_Core { $session = Session::instance(); $csrf = $session->get("csrf"); if (empty($csrf)) { - $csrf = md5(time() . mt_rand()); + $csrf = random::hash(); $session->set("csrf", $csrf); } return $csrf; diff --git a/modules/gallery/helpers/block_manager.php b/modules/gallery/helpers/block_manager.php index e7247edc..4bd649c2 100644 --- a/modules/gallery/helpers/block_manager.php +++ b/modules/gallery/helpers/block_manager.php @@ -28,7 +28,7 @@ class block_manager_Core { static function add($location, $module_name, $block_id) { $blocks = block_manager::get_active($location); - $blocks[mt_rand()] = array($module_name, $block_id); + $blocks[random::int()] = array($module_name, $block_id); block_manager::set_active($location, $blocks); } 
diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index 9c42caad..a6b8e6a2 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -459,7 +459,7 @@ class gallery_installer { $blocks = block_manager::get_active($location); $new_blocks = array(); foreach ($blocks as $block) { - $new_blocks[mt_rand()] = $block; + $new_blocks[random::int()] = $block; } block_manager::set_active($location, $new_blocks); } @@ -507,7 +507,7 @@ class gallery_installer { ->execute() as $row) { $new_slug = item::convert_filename_to_slug($row->slug); if (empty($new_slug)) { - $new_slug = mt_rand(); + $new_slug = random::int(); } db::build() ->update("items") diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index 052b1c8e..664da812 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -232,7 +232,7 @@ class item_Core { // distributed so this is going to be more efficient with larger data sets. return ORM::factory("item") ->viewable() - ->where("rand_key", "<", ((float)mt_rand()) / (float)mt_getrandmax()) + ->where("rand_key", "<", random::percent()) ->order_by("rand_key", "DESC"); } } \ No newline at end of file diff --git a/modules/gallery/helpers/random.php b/modules/gallery/helpers/random.php new file mode 100644 index 00000000..a26762bd --- /dev/null +++ b/modules/gallery/helpers/random.php @@ -0,0 +1,50 @@ +loaded()) { // Set reasonable defaults $this->created = time(); - $this->rand_key = ((float)mt_rand()) / (float)mt_getrandmax(); + $this->rand_key = random::percent(); $this->thumb_dirty = 1; $this->resize_dirty = 1; $this->sort_column = "created"; 
@@ -390,7 +390,7 @@ class Item_Model_Core extends ORM_MPTT { if (file_exists($this->resize_path()) || file_exists($this->thumb_path())) { $pi = pathinfo($this->name); - $this->name = $pi["filename"] . "-" . mt_rand() . "." . $pi["extension"]; + $this->name = $pi["filename"] . "-" . random::int() . "." . $pi["extension"]; parent::save(); } @@ -512,7 +512,7 @@ class Item_Model_Core extends ORM_MPTT { ->or_where("slug", "=", $this->slug) ->close() ->find()->id) { - $rand = mt_rand(); + $rand = random::int(); if ($base_ext) { $this->name = "$base_name-$rand.$base_ext"; } else { diff --git a/modules/gallery/tests/Albums_Controller_Test.php b/modules/gallery/tests/Albums_Controller_Test.php index 86c74890..35a3bdbb 100644 --- a/modules/gallery/tests/Albums_Controller_Test.php +++ b/modules/gallery/tests/Albums_Controller_Test.php @@ -31,7 +31,7 @@ class Albums_Controller_Test extends Gallery_Unit_Test_Case { $album = test::random_album(); // Randomize to avoid conflicts. - $new_name = "new_name_" . mt_rand(); + $new_name = "new_name_" . random::string(6); $_POST["name"] = $new_name; $_POST["title"] = "new title"; diff --git a/modules/gallery/tests/Cache_Test.php b/modules/gallery/tests/Cache_Test.php index 6cee2862..b95ef0a2 100644 --- a/modules/gallery/tests/Cache_Test.php +++ b/modules/gallery/tests/Cache_Test.php @@ -27,7 +27,7 @@ class Cache_Test extends Gallery_Unit_Test_Case { public function cache_exists_test() { $this->assert_false($this->_driver->exists("test_key"), "test_key should not be defined"); - $id = md5(mt_rand()); + $id = random::hash(); db::build() ->insert("caches") ->columns("key", "tags", "expiration", "cache") @@ -38,7 +38,7 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_get_test() { - $id = md5(mt_rand()); + $id = random::hash(); db::build() ->insert("caches") 
@@ -54,7 +54,7 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_set_test() { - $id = md5(mt_rand()); + $id = random::hash(); $original_data = array("field1" => "value1", "field2" => "value2"); $this->_driver->set(array($id => $original_data), array("tag1", "tag2"), 84600); @@ -63,15 +63,15 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_get_tag_test() { - $id1 = md5(mt_rand()); + $id1 = random::hash(); $value1 = array("field1" => "value1", "field2" => "value2"); $this->_driver->set(array($id1 => $value1), array("tag1", "tag2"), 84600); - $id2 = md5(mt_rand()); + $id2 = random::hash(); $value2 = array("field3" => "value3", "field4" => "value4"); $this->_driver->set(array($id2 => $value2), array("tag2", "tag3"), 84600); - $id3 = md5(mt_rand()); + $id3 = random::hash(); $value3 = array("field5" => "value5", "field6" => "value6"); $this->_driver->set(array($id3 => $value3), array("tag3", "tag4"), 84600); @@ -86,15 +86,15 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_delete_id_test() { - $id1 = md5(mt_rand()); + $id1 = random::hash(); $value1 = array("field1" => "value1", "field2" => "value2"); $this->_driver->set(array($id1 => $value1), array("tag1", "tag2"), 84600); - $id2 = md5(mt_rand()); + $id2 = random::hash(); $value2 = array("field3" => "value3", "field4" => "value4"); $this->_driver->set(array($id2 => $value2), array("tag2", "tag3"), 846000); - $id3 = md5(mt_rand()); + $id3 = random::hash(); $value3 = array("field5" => "value5", "field6" => "value6"); $this->_driver->set(array($id3 => $value3), array("tag3", "tag4"), 84600); 
@@ -106,15 +106,15 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_delete_tag_test() { - $id1 = md5(mt_rand()); + $id1 = random::hash(); $value1 = array("field1" => "value1", "field2" => "value2"); $this->_driver->set(array($id1 => $value1), array("tag1", "tag2"), 84600); - $id2 = md5(mt_rand()); + $id2 = random::hash(); $value2 = array("field3" => "value3", "field4" => "value4"); $this->_driver->set(array($id2 => $value2), array("tag2", "tag3"), 846000); - $id3 = md5(mt_rand()); + $id3 = random::hash(); $value3 = array("field5" => "value5", "field6" => "value6"); $this->_driver->set(array($id3 => $value3), array("tag3", "tag4"), 84600); @@ -126,15 +126,15 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_delete_all_test() { - $id1 = md5(mt_rand()); + $id1 = random::hash(); $value1 = array("field1" => "value1", "field2" => "value2"); $this->_driver->set(array($id1 => $value1), array("tag1", "tag2"), 84600); - $id2 = md5(mt_rand()); + $id2 = random::hash(); $value2 = array("field3" => "value3", "field4" => "value4"); $this->_driver->set(array($id2 => $value2), array("tag2", "tag3"), 846000); - $id3 = md5(mt_rand()); + $id3 = random::hash(); $value3 = array("field5" => "value5", "field6" => "value6"); $this->_driver->set(array($id3 => $value3), array("tag3", "tag4"), 84600); diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index c93cc239..26db5a63 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php @@ -92,7 +92,7 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { } public function move_conflicts_result_in_a_rename_test() { - $rand = mt_rand(); + $rand = random::int(); $photo1 = test::random_photo_unsaved(item::root()); $photo1->name = "{$rand}.jpg"; $photo1->slug = (string)$rand; 
diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 0d6d10af..4987d2f9 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -278,10 +278,10 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { public function basic_validation_test() { $item = ORM::factory("item"); - $item->album_cover_item_id = mt_rand(); // invalid + $item->album_cover_item_id = random::int(); // invalid $item->description = str_repeat("x", 70000); // invalid $item->name = null; - $item->parent_id = mt_rand(); + $item->parent_id = random::int(); $item->slug = null; $item->sort_column = "bogus"; $item->sort_order = "bogus"; 
@@ -411,24 +411,24 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { public function urls_test() { $photo = test::random_photo(); $this->assert_true( - preg_match("|http://./var/resizes/name_\d+\.jpg\?m=\d+|", $photo->resize_url()), + preg_match("|http://./var/resizes/name_\w+\.jpg\?m=\d+|", $photo->resize_url()), $photo->resize_url() . " is malformed"); $this->assert_true( - preg_match("|http://./var/thumbs/name_\d+\.jpg\?m=\d+|", $photo->thumb_url()), + preg_match("|http://./var/thumbs/name_\w+\.jpg\?m=\d+|", $photo->thumb_url()), $photo->thumb_url() . " is malformed"); $this->assert_true( - preg_match("|http://./var/albums/name_\d+\.jpg\?m=\d+|", $photo->file_url()), + preg_match("|http://./var/albums/name_\w+\.jpg\?m=\d+|", $photo->file_url()), $photo->file_url() . " is malformed"); // Albums have special thumbnails. Empty album has cachebuster of 0 since it has no thumbnail $album = test::random_album(); $this->assert_true( - preg_match("|http://./var/thumbs/name_\d+/\.album\.jpg\?m=0|", $album->thumb_url()), + preg_match("|http://./var/thumbs/name_\w+/\.album\.jpg\?m=0|", $album->thumb_url()), $album->thumb_url() . " is malformed"); $photo = test::random_photo($album); $this->assert_true( - preg_match("|http://./var/thumbs/name_\d+/\.album\.jpg\?m=\d+|", $album->thumb_url()), + preg_match("|http://./var/thumbs/name_\w+/\.album\.jpg\?m=\d+|", $album->thumb_url()), $album->thumb_url() . " is malformed"); } diff --git a/modules/gallery_unit_test/helpers/test.php b/modules/gallery_unit_test/helpers/test.php index d5149492..65c7f6b4 100644 --- a/modules/gallery_unit_test/helpers/test.php +++ b/modules/gallery_unit_test/helpers/test.php @@ -19,7 +19,7 @@ */ class test_Core { static function random_album_unsaved($parent=null) { - $rand = mt_rand(); + $rand = random::string(6); $album = ORM::factory("item"); $album->type = "album"; 
@@ -34,7 +34,7 @@ class test_Core { } static function random_photo_unsaved($parent=null) { - $rand = mt_rand(); + $rand = random::string(6); $photo = ORM::factory("item"); $photo->type = "photo"; $photo->parent_id = $parent ? $parent->id : 1; @@ -49,16 +49,16 @@ class test_Core { } static function random_user($password="password") { - $rand = "name_" . mt_rand(); + $rand = "name_" . random::string(6); return identity::create_user($rand, $rand, $password, "$rand@rand.com"); } static function random_group() { - return identity::create_group((string)mt_rand()); + return identity::create_group(random::string(6)); } static function random_name($item=null) { - $rand = "name_" . mt_rand(); + $rand = "name_" . random::string(6); if ($item && $item->is_photo()) { $rand .= ".jpg"; } @@ -77,7 +77,7 @@ class test_Core { static function random_tag() { $tag = ORM::factory("tag"); - $tag->name = (string)mt_rand(); + $tag->name = random::string(6); // Reload so that ORM coerces all fields into strings. return $tag->save()->reload(); diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index 58943700..9406e209 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php @@ -104,7 +104,7 @@ class rest_Core { if (!$key->loaded()) { $key->user_id = identity::active_user()->id; - $key->access_key = md5(md5(uniqid(mt_rand(), true) . access::private_key())); + $key->access_key = md5(random::hash() . access::private_key()); $key->save(); } diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php index 4d7a4a1b..9e241bd0 100644 --- a/modules/rest/helpers/rest_event.php +++ b/modules/rest/helpers/rest_event.php @@ -43,7 +43,7 @@ class rest_event { static function user_add_form_admin_completed($user, $form) { $key = ORM::factory("user_access_key"); $key->user_id = $user->id; - $key->access_key = md5($user->name . time() . mt_rand()); + $key->access_key = random::hash($user->name); $key->save(); } 
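Review bot: The REST access key is now derived two different ways: in rest.php as `md5(random::hash() . access::private_key())`, and in the three rest_event.php hunks (`user_add_form_admin_completed` and the two `if (!$key->loaded())` blocks that follow) as `random::hash($user->name)`. Both produce a long-lived bearer credential, so they should go through one helper with one documented construction rather than diverge per call site. The strength of either form rests on random::hash(), which is not part of this diff; if it still draws from mt_rand() or uniqid(), the keys stay predictable, so I would add `// access_key is a bearer credential: random::hash() must draw from a CSPRNG` at the first site and confirm the helper. The enclosing functions start and end outside these hunks.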
@@ -64,7 +64,7 @@ class rest_event { if (!$key->loaded()) { $key->user_id = $user->id; - $key->access_key = md5($user->name . time() . mt_rand()); + $key->access_key = random::hash($user->name); $key->save(); } @@ -93,7 +93,7 @@ class rest_event { if (!$key->loaded()) { $key->user_id = $data->user->id; - $key->access_key = md5($data->user->name . time() . mt_rand()); + $key->access_key = random::hash($data->user->name); $key->save(); } $view->rest_key = $key->access_key; diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php index 2e5eac5f..567e56dc 100644 --- a/modules/user/controllers/password.php +++ b/modules/user/controllers/password.php @@ -51,7 +51,7 @@ class Password_Controller extends Controller { $user_name = $form->reset->inputs["name"]->value; $user = user::lookup_by_name($user_name); if ($user && !empty($user->email)) { - $user->hash = md5(uniqid(mt_rand(), true)); + $user->hash = random::hash(); $user->save(); $message = new View("reset_password.html"); $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash"); -- cgit v1.2.3 From 48640005a4edac955d9087f62fed1ab5f756b686 Mon Sep 17 00:00:00 2001 From: Kriss Andsten Date: Tue, 21 Dec 2010 09:03:46 +0800 Subject: Packaging + tests of Bharat's find_by_path routine. --- modules/gallery/helpers/item.php | 25 +++++++++++++++- modules/gallery/tests/Item_Helper_Test.php | 48 ++++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+), 1 deletion(-) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index 664da812..dbad59b9 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php 
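Review bot: In password.php, `$user->hash = random::hash();` is the only secret behind the reset link built a few lines later (`password/do_reset?key=$user->hash`), and nothing in this hunk records when the token was issued or limits how long it stays valid. Expiry and single use may be enforced in the do_reset handler, which is outside the hunk, but that should be confirmed or stated here, for example `// reset token: must be unguessable; expiry and single use are enforced in do_reset`. The token is also saved as-is on the user row, so anyone who can read that table can use it; storing only a digest and comparing against that would narrow the exposure. The enclosing method starts and ends outside the hunk.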
@@ -208,7 +208,30 @@ class item_Core { return $model; } - + + static function find_by_path($path) { + $path = trim($path, '/'); + + // The root path name is NULL, not '', hence this workaround. + if ($path == '') { + return ORM::factory("item", 1); + } + + $paths = explode("/", $path); + $count = count($paths); + foreach (ORM::factory("item") + ->where('name', '=', $paths[$count - 1]) + ->where('level', '=', $count + 1) + ->find_all() as $item) { + if (urldecode($item->relative_path()) == $path) { + return $item; + } + } + + return false; + } + + /** * Return the root Item_Model * @return Item_Model diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index 26db5a63..1fced654 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php 
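Review bot: find_by_path() returns an Item_Model on a hit but `false` on a miss, so any caller that chains `->id` on the result, as the new test in Item_Helper_Test.php does for the hit cases, breaks on an unknown path; returning an unloaded model, or at least documenting the `false`, would keep the return type uniform. The function is added without a docblock and performs no permission check on the item it returns, although `$path` is likely to originate from a request; I would state that explicitly with `NOTE: no access check is done here; the caller must verify the viewer may see the returned item`. The comparisons `$path == ''` and `urldecode($item->relative_path()) == $path` are better written with `===`, since loose comparison treats numeric-looking strings as numbers.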
@@ -125,4 +125,52 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_same($photo2->id, $album->album_cover_item_id); $this->assert_same($photo2->id, $parent->album_cover_item_id); } + + public function find_by_path_does_the_right_thing_test() { + $level1 = test::random_album(); + $level2 = test::random_album($level1); + $level3 = test::random_photo($level2); + $level3->name = 'same.jpg'; + $level3->save(); + + $level2b = test::random_album($level1); + $level3b = test::random_photo($level2b); + $level3b->name = 'same.jpg'; + $level3b->save(); + + // Item in album + $this->assert_same( + item::find_by_path('/' . $level1->name . '/' . $level2->name . '/' . $level3->name)->id, + $level3->id); + + // Album, ends with a slash + $this->assert_same( + item::find_by_path($level1->name . '/' . $level2->name . '/')->id, + $level2->id); + + // Album, ends without a slash + $this->assert_same( + item::find_by_path('/' . $level1->name . '/' . $level2->name)->id, + $level2->id); + + // Return root if '' is passed + $this->assert_same( + item::find_by_path('')->id, + "1"); + + // Verify that we don't get confused by the part names + $this->assert_same( + item::find_by_path($level1->name . '/' . $level2->name . '/' . $level3->name)->id, + $level3->id); + + $this->assert_same( + item::find_by_path($level1->name . '/' . $level2b->name . '/' . $level3b->name)->id, + $level3b->id); + + // Verify that we don't get false positives + $this->assert_same( + item::find_by_path('foo/bar/baz'), + false); + + } } -- cgit v1.2.3 From addd384bbdca6a9f066403c1d2919f3e863e072e Mon Sep 17 00:00:00 2001 From: Kriss Andsten Date: Wed, 22 Dec 2010 07:55:26 +0800 Subject: Minor changes to satisfy the G3 code standards. --- modules/gallery/helpers/item.php | 15 ++++++++++----- modules/gallery/tests/Item_Helper_Test.php | 18 +++++++++--------- 2 files changed, 19 insertions(+), 14 deletions(-) (limited to 'modules/gallery/tests') 
diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index dbad59b9..f38d9888 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -208,20 +208,25 @@ class item_Core { return $model; } - + + /** + * Return an item by path. + * @param string $path + * @return object item + */ static function find_by_path($path) { - $path = trim($path, '/'); + $path = trim($path, "/"); // The root path name is NULL, not '', hence this workaround. if ($path == '') { - return ORM::factory("item", 1); + return ORM::factory("item", item::root()); } $paths = explode("/", $path); $count = count($paths); foreach (ORM::factory("item") - ->where('name', '=', $paths[$count - 1]) - ->where('level', '=', $count + 1) + ->where("name", "=", $paths[$count - 1]) + ->where("level", "=", $count + 1) ->find_all() as $item) { if (urldecode($item->relative_path()) == $path) { return $item; diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index 1fced654..4bc64ff0 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php 
@@ -130,46 +130,46 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { $level1 = test::random_album(); $level2 = test::random_album($level1); $level3 = test::random_photo($level2); - $level3->name = 'same.jpg'; + $level3->name = "same.jpg"; $level3->save(); $level2b = test::random_album($level1); $level3b = test::random_photo($level2b); - $level3b->name = 'same.jpg'; + $level3b->name = "same.jpg"; $level3b->save(); // Item in album $this->assert_same( - item::find_by_path('/' . $level1->name . '/' . $level2->name . '/' . $level3->name)->id, + item::find_by_path("/" . $level1->name . "/" . $level2->name . "/" . $level3->name)->id, $level3->id); // Album, ends with a slash $this->assert_same( - item::find_by_path($level1->name . '/' . $level2->name . '/')->id, + item::find_by_path($level1->name . "/" . $level2->name . "/")->id, $level2->id); // Album, ends without a slash $this->assert_same( - item::find_by_path('/' . $level1->name . '/' . $level2->name)->id, + item::find_by_path("/" . $level1->name . "/" . $level2->name)->id, $level2->id); // Return root if '' is passed $this->assert_same( - item::find_by_path('')->id, + item::find_by_path("")->id, "1"); // Verify that we don't get confused by the part names $this->assert_same( - item::find_by_path($level1->name . '/' . $level2->name . '/' . $level3->name)->id, + item::find_by_path($level1->name . "/" . $level2->name . "/" . $level3->name)->id, $level3->id); $this->assert_same( - item::find_by_path($level1->name . '/' . $level2b->name . '/' . $level3b->name)->id, + item::find_by_path($level1->name . "/" . $level2b->name . "/" . $level3b->name)->id, $level3b->id); // Verify that we don't get false positives $this->assert_same( - item::find_by_path('foo/bar/baz'), + item::find_by_path("foo/bar/baz"), false); } -- cgit v1.2.3 From c7096cc9ebe4b737c06629b975317aaa9806297f Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Tue, 21 Dec 2010 16:32:02 -0800 Subject: Fix assertion order to be (expected,actual) Change string concatenation to be variable interpolation to tighten it up. --- modules/gallery/tests/Item_Helper_Test.php | 47 ++++++++++++++---------------- 1 file changed, 22 insertions(+), 25 deletions(-) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index 4bc64ff0..d60380f0 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php 
@@ -126,51 +126,48 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_same($photo2->id, $parent->album_cover_item_id); } - public function find_by_path_does_the_right_thing_test() { + public function find_by_path_test() { $level1 = test::random_album(); - $level2 = test::random_album($level1); + $level2 = test::random_album($level1); $level3 = test::random_photo($level2); $level3->name = "same.jpg"; $level3->save(); - + $level2b = test::random_album($level1); $level3b = test::random_photo($level2b); $level3b->name = "same.jpg"; $level3b->save(); - + // Item in album $this->assert_same( - item::find_by_path("/" . $level1->name . "/" . $level2->name . "/" . $level3->name)->id, - $level3->id); - + $level3->id, + item::find_by_path("/{$level1->name}/{$level2->name}/{$level3->name}")->id); + // Album, ends with a slash $this->assert_same( - item::find_by_path($level1->name . "/" . $level2->name . "/")->id, - $level2->id); - + $level2->id, + item::find_by_path("{$level1->name}/{$level2->name}/")->id); + // Album, ends without a slash $this->assert_same( - item::find_by_path("/" . $level1->name . "/" . $level2->name)->id, - $level2->id); - - // Return root if '' is passed - $this->assert_same( - item::find_by_path("")->id, - "1"); + $level2->id, + item::find_by_path("/{$level1->name}/{$level2->name}")->id); + + // Return root if "" is passed + $this->assert_same(item::root()->id, item::find_by_path("")->id); // Verify that we don't get confused by the part names $this->assert_same( - item::find_by_path($level1->name . "/" . $level2->name . "/" . $level3->name)->id, - $level3->id); + $level3->id, + item::find_by_path("{$level1->name}/{$level2->name}/{$level3->name}")->id); $this->assert_same( - item::find_by_path($level1->name . "/" . $level2b->name . "/" . 
$level3b->name)->id, - $level3b->id); - + $level3b->id, + item::find_by_path("{$level1->name}/{$level2b->name}/{$level3b->name}")->id); + // Verify that we don't get false positives $this->assert_same( - item::find_by_path("foo/bar/baz"), - false); - + false, + item::find_by_path("foo/bar/baz")); } } -- cgit v1.2.3 From f493130e59f26d41f090c5ca40e95b416b9b154b Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 21 Dec 2010 16:55:01 -0800 Subject: Tighten up item::find_by_path slightly. Augment the tests to cover special characters in the file name ("+" is an edge case differentiator between rawurlencode and urlencode). --- modules/gallery/helpers/item.php | 25 ++++++++++++------------- modules/gallery/tests/Item_Helper_Test.php | 2 +- 2 files changed, 13 insertions(+), 14 deletions(-) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index f38d9888..3596a2bf 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -210,33 +210,32 @@ class item_Core { } /** - * Return an item by path. + * Find an item by its path. If there's no match, return an empty Item_Model. * @param string $path - * @return object item + * @return object Item_Model */ static function find_by_path($path) { $path = trim($path, "/"); - - // The root path name is NULL, not '', hence this workaround. - if ($path == '') { - return ORM::factory("item", item::root()); + + // The root path name is NULL not "", hence this workaround. + if ($path == "") { + return item::root(); } - + $paths = explode("/", $path); - $count = count($paths); foreach (ORM::factory("item") - ->where("name", "=", $paths[$count - 1]) - ->where("level", "=", $count + 1) + ->where("name", "=", end($paths)) + ->where("level", "=", count($paths) + 1) ->find_all() as $item) { if (urldecode($item->relative_path()) == $path) { return $item; } } - + return false; } - - + + /** * Return the root Item_Model * @return Item_Model 
diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index d60380f0..4124e453 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php @@ -135,7 +135,7 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { $level2b = test::random_album($level1); $level3b = test::random_photo($level2b); - $level3b->name = "same.jpg"; + $level3b->name = "has spaces+plusses.jpg"; $level3b->save(); // Item in album -- cgit v1.2.3 From 2a08cbf76da0f9984c0e182e6c448b516d8d7db3 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 21 Dec 2010 16:58:54 -0800 Subject: Return an empty Item_Model when item::find_by_path fails --- modules/gallery/helpers/item.php | 2 +- modules/gallery/tests/Item_Helper_Test.php | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index 3596a2bf..08a04ad0 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -232,7 +232,7 @@ class item_Core { } } - return false; + return new Item_Model(); } diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index 4124e453..0aa7504e 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php @@ -166,8 +166,7 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { item::find_by_path("{$level1->name}/{$level2b->name}/{$level3b->name}")->id); // Verify that we don't get false positives - $this->assert_same( - false, - item::find_by_path("foo/bar/baz")); + $this->assert_false( + item::find_by_path("foo/bar/baz")->loaded()); } } -- cgit v1.2.3 From d9299f3b3f4b1a52f5b68399cfcaa96d5b367899 Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Tue, 21 Dec 2010 19:33:47 -0800 Subject: Change item::find_by_path() to check the relative_path_cache first, and only fall back the name/level comparison if there's no cached entry. Update tests accordingly. --- modules/gallery/helpers/item.php | 16 ++++++++++++++++ modules/gallery/tests/Item_Helper_Test.php | 20 ++++++++++++++++---- 2 files changed, 32 insertions(+), 4 deletions(-) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index 08a04ad0..bac189f4 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -211,6 +211,7 @@ class item_Core { /** * Find an item by its path. If there's no match, return an empty Item_Model. + * NOTE: the caller is responsible for performing security checks on the resulting item. * @param string $path * @return object Item_Model */ @@ -222,6 +223,21 @@ class item_Core { return item::root(); } + // Check to see if there's an item in the database with a matching relative_path_cache value. + // Since that field is urlencoded, we must urlencoded the components of the path. + foreach (explode("/", $path) as $part) { + $encoded_array[] = rawurlencode($part); + } + $encoded_path = join("/", $encoded_array); + $item = ORM::factory("item") + ->where("relative_path_cache", "=", $encoded_path) + ->find(); + if ($item->loaded()) { + return $item; + } + + // Since the relative_path_cache field is a cache, it can be unavailable. If we don't find + // anything, fall back to checking the path the hard way. $paths = explode("/", $path); foreach (ORM::factory("item") ->where("name", "=", end($paths)) diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index 0aa7504e..13ecec2b 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php 
@@ -129,14 +129,21 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { public function find_by_path_test() { $level1 = test::random_album(); $level2 = test::random_album($level1); - $level3 = test::random_photo($level2); + $level3 = test::random_photo_unsaved($level2); $level3->name = "same.jpg"; - $level3->save(); + $level3->save()->reload(); $level2b = test::random_album($level1); - $level3b = test::random_photo($level2b); + $level3b = test::random_photo_unsaved($level2b); $level3b->name = "has spaces+plusses.jpg"; - $level3b->save(); + $level3b->save()->reload(); + + // Make sure that some of the calls below use the fallback code. + db::build() + ->update("items") + ->set(array("relative_url_cache" => null, "relative_path_cache" => null)) + ->where("id", "IN", array($level3->id, $level3b->id)) + ->execute(); // Item in album $this->assert_same( @@ -168,5 +175,10 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { // Verify that we don't get false positives $this->assert_false( item::find_by_path("foo/bar/baz")->loaded()); + + // Verify that the fallback code works + $this->assert_same( + $level3b->id, + item::find_by_path("{$level1->name}/{$level2b->name}/{$level3b->name}")->id); } } -- cgit v1.2.3 From 98fd1e9957ff0d65d1bbb0eaa2df6c1e59487b25 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 21 Dec 2010 20:47:07 -0800 Subject: Implement item::find_by_relative_url with tests. --- modules/gallery/helpers/item.php | 26 +++++++++++ modules/gallery/tests/Item_Helper_Test.php | 70 +++++++++++++++++++++++++----- 2 files changed, 86 insertions(+), 10 deletions(-) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index bac189f4..29dd8603 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php 
@@ -252,6 +252,32 @@ class item_Core { } + /** + * Locate an item using the URL. We assume that the url is in the form /a/b/c where each + * component matches up with an item slug. If there's no match, return an empty Item_Model + * NOTE: the caller is responsible for performing security checks on the resulting item. + * @param string $url the relative url fragment + * @return Item_Model + */ + static function find_by_relative_url($relative_url) { + // In most cases, we'll have an exact match in the relative_url_cache item field. + // but failing that, walk down the tree until we find it. The fallback code will fix caches + // as it goes, so it'll never be run frequently. + $item = ORM::factory("item")->where("relative_url_cache", "=", $relative_url)->find(); + if (!$item->loaded()) { + $segments = explode("/", $relative_url); + foreach (ORM::factory("item") + ->where("slug", "=", end($segments)) + ->where("level", "=", count($segments) + 1) + ->find_all() as $match) { + if ($match->relative_url() == $relative_url) { + $item = $match; + } + } + } + return $item; + } + /** * Return the root Item_Model * @return Item_Model diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index 13ecec2b..42acfb18 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php 
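Review bot: The docblock names the parameter `$url` while the signature is `find_by_relative_url($relative_url)`; it should read `@param string $relative_url the relative url fragment`. In the fallback loop a match is stored with `$item = $match;` but the loop keeps running, so every remaining candidate is still loaded and compared and a later match would silently replace the first; adding `break;` after the assignment gives the same first-match behaviour as the early `return $item;` in find_by_path. The comment that the fallback "will fix caches as it goes" presumably relies on relative_url() repopulating relative_url_cache, which is not visible in this hunk and is worth saying outright.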
@@ -128,23 +128,19 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { public function find_by_path_test() { $level1 = test::random_album(); - $level2 = test::random_album($level1); + $level2 = test::random_album_unsaved($level1); + $level2->name = "plus + space"; + $level2->save()->reload(); + $level3 = test::random_photo_unsaved($level2); $level3->name = "same.jpg"; $level3->save()->reload(); $level2b = test::random_album($level1); $level3b = test::random_photo_unsaved($level2b); - $level3b->name = "has spaces+plusses.jpg"; + $level3b->name = "same.jpg"; $level3b->save()->reload(); - // Make sure that some of the calls below use the fallback code. - db::build() - ->update("items") - ->set(array("relative_url_cache" => null, "relative_path_cache" => null)) - ->where("id", "IN", array($level3->id, $level3b->id)) - ->execute(); - // Item in album $this->assert_same( $level3->id, @@ -163,7 +159,12 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { // Return root if "" is passed $this->assert_same(item::root()->id, item::find_by_path("")->id); - // Verify that we don't get confused by the part names + // Verify that we don't get confused by the part names, using the fallback code. + db::build() + ->update("items") + ->set(array("relative_path_cache" => null)) + ->where("id", "IN", array($level3->id, $level3b->id)) + ->execute(); $this->assert_same( $level3->id, item::find_by_path("{$level1->name}/{$level2->name}/{$level3->name}")->id); 
@@ -181,4 +182,53 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { $level3b->id, item::find_by_path("{$level1->name}/{$level2b->name}/{$level3b->name}")->id); } + + public function find_by_relative_url_test() { + $level1 = test::random_album(); + $level2 = test::random_album($level1); + $level3 = test::random_photo_unsaved($level2); + $level3->slug = "same"; + $level3->save()->reload(); + + $level2b = test::random_album($level1); + $level3b = test::random_photo_unsaved($level2b); + $level3b->slug = "same"; + $level3b->save()->reload(); + + // Item in album + $this->assert_same( + $level3->id, + item::find_by_relative_url("{$level1->slug}/{$level2->slug}/{$level3->slug}")->id); + + // Album, ends without a slash + $this->assert_same( + $level2->id, + item::find_by_relative_url("{$level1->slug}/{$level2->slug}")->id); + + // Return root if "" is passed + $this->assert_same(item::root()->id, item::find_by_relative_url("")->id); + + // Verify that we don't get confused by the part slugs, using the fallback code. + db::build() + ->update("items") + ->set(array("relative_url_cache" => null)) + ->where("id", "IN", array($level3->id, $level3b->id)) + ->execute(); + $this->assert_same( + $level3->id, + item::find_by_relative_url("{$level1->slug}/{$level2->slug}/{$level3->slug}")->id); + + $this->assert_same( + $level3b->id, + item::find_by_relative_url("{$level1->slug}/{$level2b->slug}/{$level3b->slug}")->id); + + // Verify that we don't get false positives + $this->assert_false( + item::find_by_relative_url("foo/bar/baz")->loaded()); + + // Verify that the fallback code works + $this->assert_same( + $level3b->id, + item::find_by_relative_url("{$level1->slug}/{$level2b->slug}/{$level3b->slug}")->id); + } } -- cgit v1.2.3 From 5d37d529b060fea06bae68c664bc91b00297bae6 Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Tue, 28 Dec 2010 21:56:31 -0800 Subject: Update golden file to reflect the change in c989981041e66e336f1410b651173305ab184aba for #1520. --- modules/gallery/tests/xss_data.txt | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 7c5e803d..366391cf 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt 
@@ -399,17 +399,19 @@ themes/wind/views/dynamic.html.php 29 DIRTY $theme themes/wind/views/movie.html.php 5 DIRTY $theme->paginator() themes/wind/views/movie.html.php 9 DIRTY $item->movie_img(array("class"=>"g-movie","id"=>"g-item-id-{$item->id}")) themes/wind/views/page.html.php 9 DIRTY $page_title -themes/wind/views/page.html.php 32 DIRTY_JS $theme->url() -themes/wind/views/page.html.php 41 DIRTY $new_width -themes/wind/views/page.html.php 42 DIRTY $new_height -themes/wind/views/page.html.php 43 DIRTY $thumb_proportion -themes/wind/views/page.html.php 80 DIRTY $header_text -themes/wind/views/page.html.php 82 DIRTY_JS item::root()->url() -themes/wind/views/page.html.php 86 DIRTY $theme->user_menu() -themes/wind/views/page.html.php 107 DIRTY_JS $parent->url($parent->id==$theme->item()->parent_id?"show={$theme->item()->id}":null) -themes/wind/views/page.html.php 128 DIRTY $content -themes/wind/views/page.html.php 134 DIRTY newView("sidebar.html") -themes/wind/views/page.html.php 141 DIRTY $footer_text +themes/wind/views/page.html.php 12 DIRTY $theme->item()->title +themes/wind/views/page.html.php 16 DIRTY item::root()->title +themes/wind/views/page.html.php 26 DIRTY_JS $theme->url() +themes/wind/views/page.html.php 35 DIRTY $new_width +themes/wind/views/page.html.php 36 DIRTY $new_height +themes/wind/views/page.html.php 37 DIRTY $thumb_proportion +themes/wind/views/page.html.php 74 DIRTY $header_text +themes/wind/views/page.html.php 76 DIRTY_JS item::root()->url() +themes/wind/views/page.html.php 80 DIRTY $theme->user_menu() +themes/wind/views/page.html.php 101 DIRTY_JS $parent->url($parent->id==$theme->item()->parent_id?"show={$theme->item()->id}":null) +themes/wind/views/page.html.php 122 DIRTY $content +themes/wind/views/page.html.php 128 DIRTY newView("sidebar.html") +themes/wind/views/page.html.php 135 DIRTY $footer_text themes/wind/views/paginator.html.php 33 DIRTY_JS $first_page_url themes/wind/views/paginator.html.php 42 DIRTY_JS $previous_page_url 
themes/wind/views/paginator.html.php 70 DIRTY_JS $next_page_url -- cgit v1.2.3 From 9f3c6e4bee9f2ccae04b7b241c07845b9f233cfd Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 28 Dec 2010 22:00:25 -0800 Subject: Update test to match change in Item_Model::as_restful_array made in 7e31f97b4cbc5cf1894611de1e9de7a3efc6ad50 for #1536. --- modules/gallery/tests/Item_Model_Test.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 4987d2f9..0554c0e2 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -362,11 +362,11 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { } public function as_restful_array_with_edit_bit_test() { - $response = item::root()->as_restful_array(true); + $response = item::root()->as_restful_array(); $this->assert_true($response["can_edit"]); identity::set_active_user(identity::guest()); - $response = item::root()->as_restful_array(true); + $response = item::root()->as_restful_array(); $this->assert_false($response["can_edit"]); } -- cgit v1.2.3 From b42fcb9cda4dafdb9db86770f54965b3fb2fc7ab Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Tue, 28 Dec 2010 23:10:05 -0800 Subject: Use db::expr instead of "new Database_Expression". Resolves #1560. --- .../comment/controllers/admin_manage_comments.php | 2 +- modules/digibug/controllers/digibug.php | 2 +- modules/gallery/controllers/admin_maintenance.php | 2 +- modules/gallery/helpers/gallery_installer.php | 6 +++--- modules/gallery/helpers/gallery_task.php | 6 +++--- modules/gallery/helpers/module.php | 2 +- modules/gallery/libraries/ORM_MPTT.php | 22 +++++++++++----------- modules/gallery/tests/Gallery_Installer_Test.php | 2 +- modules/notification/helpers/notification.php | 2 +- modules/tag/helpers/tag.php | 2 +- 10 files changed, 24 insertions(+), 24 deletions(-) (limited to 'modules/gallery/tests') diff --git a/modules/comment/controllers/admin_manage_comments.php b/modules/comment/controllers/admin_manage_comments.php index 49bd85d5..ec876fc4 100644 --- a/modules/comment/controllers/admin_manage_comments.php +++ b/modules/comment/controllers/admin_manage_comments.php @@ -25,7 +25,7 @@ class Admin_Manage_Comments_Controller extends Admin_Controller { db::build() ->delete("comments") ->where("state", "IN", array("deleted", "spam")) - ->where("updated", "<", new Database_Expression("UNIX_TIMESTAMP() - 86400 * 7")) + ->where("updated", "<", db::expr("UNIX_TIMESTAMP() - 86400 * 7")) ->execute(); // Redirect to the appropriate queue diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php index 22bbe1a6..c48e3e87 100644 --- a/modules/digibug/controllers/digibug.php +++ b/modules/digibug/controllers/digibug.php @@ -114,7 +114,7 @@ class Digibug_Controller extends Controller { private function _clean_expired() { db::build() ->delete("digibug_proxies") - ->where("request_date", "<=", new Database_Expression("(CURDATE() - INTERVAL 10 DAY)")) + ->where("request_date", "<=", db::expr("(CURDATE() - INTERVAL 10 DAY)")) ->limit(20) ->execute(); } 
diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php index 7729d797..80247a0f 100644 --- a/modules/gallery/controllers/admin_maintenance.php +++ b/modules/gallery/controllers/admin_maintenance.php @@ -27,7 +27,7 @@ class Admin_Maintenance_Controller extends Admin_Controller { ->set("state", "stalled") ->where("done", "=", 0) ->where("state", "<>", "stalled") - ->where(new Database_Expression("UNIX_TIMESTAMP(NOW()) - `updated` > 15")) + ->where(db::expr("UNIX_TIMESTAMP(NOW()) - `updated` > 15")) ->execute(); $stalled_count = $query->count(); if ($stalled_count) { diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index a6b8e6a2..fb7933f7 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -503,7 +503,7 @@ class gallery_installer { foreach (db::build() ->from("items") ->select("id", "slug") - ->where(new Database_Expression("`slug` REGEXP '[^_A-Za-z0-9-]'"), "=", 1) + ->where(db::expr("`slug` REGEXP '[^_A-Za-z0-9-]'"), "=", 1) ->execute() as $row) { $new_slug = item::convert_filename_to_slug($row->slug); if (empty($new_slug)) { @@ -540,7 +540,7 @@ class gallery_installer { if ($version == 25) { db::build() ->update("items") - ->set("title", new Database_Expression("`name`")) + ->set("title", db::expr("`name`")) ->and_open() ->where("title", "IS", null) ->or_where("title", "=", "") @@ -581,7 +581,7 @@ class gallery_installer { $db->query("ALTER TABLE {modules} ADD COLUMN `weight` int(9) DEFAULT NULL"); $db->query("ALTER TABLE {modules} ADD KEY (`weight`)"); db::update("modules") - ->set("weight", new Database_Expression("`id`")) + ->set("weight", db::expr("`id`")) ->execute(); module::set_version("gallery", $version = 32); } diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php index e69ff91a..9ccff152 100644 
--- a/modules/gallery/helpers/gallery_task.php +++ b/modules/gallery/helpers/gallery_task.php @@ -74,7 +74,7 @@ class gallery_task_Core { // Choose the dirty images in a random order so that if we run this task multiple times // concurrently each task is rebuilding different images simultaneously. $result = graphics::find_dirty_images_query()->select("id") - ->select(new Database_Expression("RAND() as r")) + ->select(db::expr("RAND() as r")) ->order_by("r", "ASC") ->execute(); $total_count = $task->get("total_count", $result->count()); @@ -608,7 +608,7 @@ class gallery_task_Core { static function find_dupe_slugs() { return db::build() ->select_distinct( - array("parent_slug" => new Database_Expression("CONCAT(`parent_id`, ':', LOWER(`slug`))"))) + array("parent_slug" => db::expr("CONCAT(`parent_id`, ':', LOWER(`slug`))"))) ->select("id") ->select(array("C" => "COUNT(\"*\")")) ->from("items") @@ -620,7 +620,7 @@ class gallery_task_Core { static function find_dupe_names() { return db::build() ->select_distinct( - array("parent_name" => new Database_Expression("CONCAT(`parent_id`, ':', LOWER(`name`))"))) + array("parent_name" => db::expr("CONCAT(`parent_id`, ':', LOWER(`name`))"))) ->select("id") ->select(array("C" => "COUNT(\"*\")")) ->from("items") diff --git a/modules/gallery/helpers/module.php b/modules/gallery/helpers/module.php index 2b446daa..7c5578af 100644 --- a/modules/gallery/helpers/module.php +++ b/modules/gallery/helpers/module.php @@ -488,7 +488,7 @@ class module_Core { static function incr_var($module_name, $name, $increment=1) { db::build() ->update("vars") - ->set("value", new Database_Expression("`value` + $increment")) + ->set("value", db::expr("`value` + $increment")) ->where("module_name", "=", $module_name) ->where("name", "=", $name) ->execute(); diff --git a/modules/gallery/libraries/ORM_MPTT.php b/modules/gallery/libraries/ORM_MPTT.php index f20fafa0..4556273c 100644 --- a/modules/gallery/libraries/ORM_MPTT.php 
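Review bot: In module::incr_var the `$increment` argument is interpolated directly into the string handed to `db::expr(...)`, which presumably reaches the database unescaped just as the Database_Expression it replaces did. incr_var is a public static helper, so a non-numeric value passed by any caller would become part of the UPDATE statement; if only whole numbers are expected, `$increment = (int) $increment;` before the query keeps the expression numeric. The same interpolation in ORM_MPTT.php (`$level_delta`, `$size_of_hole`, `$new_offset`) looks internally computed, but where those values come from is outside these hunks. incr_var's body starts and ends outside the hunk.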
+++ b/modules/gallery/libraries/ORM_MPTT.php @@ -54,12 +54,12 @@ class ORM_MPTT_Core extends ORM { // Make a hole in the parent for this new item db::build() ->update($this->table_name) - ->set("left_ptr", new Database_Expression("`left_ptr` + 2")) + ->set("left_ptr", db::expr("`left_ptr` + 2")) ->where("left_ptr", ">=", $parent->right_ptr) ->execute(); db::build() ->update($this->table_name) - ->set("right_ptr", new Database_Expression("`right_ptr` + 2")) + ->set("right_ptr", db::expr("`right_ptr` + 2")) ->where("right_ptr", ">=", $parent->right_ptr) ->execute(); $parent->right_ptr += 2; @@ -109,12 +109,12 @@ class ORM_MPTT_Core extends ORM { try { db::build() ->update($this->table_name) - ->set("left_ptr", new Database_Expression("`left_ptr` - 2")) + ->set("left_ptr", db::expr("`left_ptr` - 2")) ->where("left_ptr", ">", $this->right_ptr) ->execute(); db::build() ->update($this->table_name) - ->set("right_ptr", new Database_Expression("`right_ptr` - 2")) + ->set("right_ptr", db::expr("`right_ptr` - 2")) ->where("right_ptr", ">", $this->right_ptr) ->execute(); } catch (Exception $e) { @@ -253,7 +253,7 @@ class ORM_MPTT_Core extends ORM { // Update the levels for the to-be-moved items db::build() ->update($this->table_name) - ->set("level", new Database_Expression("`level` + $level_delta")) + ->set("level", db::expr("`level` + $level_delta")) ->where("left_ptr", ">=", $original_left_ptr) ->where("right_ptr", "<=", $original_right_ptr) ->execute(); 
@@ -262,12 +262,12 @@ class ORM_MPTT_Core extends ORM { // Make a hole in the target for the move db::build() ->update($this->table_name) - ->set("left_ptr", new Database_Expression("`left_ptr` + $size_of_hole")) + ->set("left_ptr", db::expr("`left_ptr` + $size_of_hole")) ->where("left_ptr", ">=", $target_right_ptr) ->execute(); db::build() ->update($this->table_name) - ->set("right_ptr", new Database_Expression("`right_ptr` + $size_of_hole")) + ->set("right_ptr", db::expr("`right_ptr` + $size_of_hole")) ->where("right_ptr", ">=", $target_right_ptr) ->execute(); @@ -290,8 +290,8 @@ class ORM_MPTT_Core extends ORM { $new_offset = $target->right_ptr - $left_ptr; db::build() ->update($this->table_name) - ->set("left_ptr", new Database_Expression("`left_ptr` + $new_offset")) - ->set("right_ptr", new Database_Expression("`right_ptr` + $new_offset")) + ->set("left_ptr", db::expr("`left_ptr` + $new_offset")) + ->set("right_ptr", db::expr("`right_ptr` + $new_offset")) ->where("left_ptr", ">=", $left_ptr) ->where("right_ptr", "<=", $right_ptr) ->execute(); @@ -299,12 +299,12 @@ class ORM_MPTT_Core extends ORM { // Close the hole in the source's parent after the move db::build() ->update($this->table_name) - ->set("left_ptr", new Database_Expression("`left_ptr` - $size_of_hole")) + ->set("left_ptr", db::expr("`left_ptr` - $size_of_hole")) ->where("left_ptr", ">", $right_ptr) ->execute(); db::build() ->update($this->table_name) - ->set("right_ptr", new Database_Expression("`right_ptr` - $size_of_hole")) + ->set("right_ptr", db::expr("`right_ptr` - $size_of_hole")) ->where("right_ptr", ">", $right_ptr) ->execute(); } catch (Exception $e) { diff --git a/modules/gallery/tests/Gallery_Installer_Test.php b/modules/gallery/tests/Gallery_Installer_Test.php index 67e712de..d34c3b0e 100644 --- a/modules/gallery/tests/Gallery_Installer_Test.php +++ b/modules/gallery/tests/Gallery_Installer_Test.php 
@@ -35,7 +35,7 @@ class Gallery_Installer_Test extends Gallery_Unit_Test_Case { public function install_creates_root_item_test() { $max_right_ptr = ORM::factory("item") - ->select(new Database_Expression("MAX(`right_ptr`) AS `right_ptr`")) + ->select(db::expr("MAX(`right_ptr`) AS `right_ptr`")) ->find()->right_ptr; $root = ORM::factory('item')->find(1); $this->assert_equal("Gallery", $root->title); diff --git a/modules/notification/helpers/notification.php b/modules/notification/helpers/notification.php index 0564d336..2ff8ff48 100644 --- a/modules/notification/helpers/notification.php +++ b/modules/notification/helpers/notification.php @@ -160,7 +160,7 @@ class notification { static function send_pending_notifications() { foreach (db::build() - ->select(new Database_Expression("DISTINCT `email`")) + ->select(db::expr("DISTINCT `email`")) ->from("pending_notifications") ->execute() as $row) { $email = $row->email; diff --git a/modules/tag/helpers/tag.php b/modules/tag/helpers/tag.php index 14d27c94..bcd3b0c0 100644 --- a/modules/tag/helpers/tag.php +++ b/modules/tag/helpers/tag.php @@ -118,7 +118,7 @@ class tag_Core { static function clear_all($item) { db::build() ->update("tags") - ->set("count", new Database_Expression("`count` - 1")) + ->set("count", db::expr("`count` - 1")) ->where("count", ">", 0) ->where("id", "IN", db::build()->select("tag_id")->from("items_tags")->where("item_id", "=", $item->id)) ->execute(); -- cgit v1.2.3 From f0dd16efc428d372cca6ec90ca31251e3ce24382 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 15 Jan 2011 14:59:25 -0800 Subject: Revive the code from Cache_Driver::exists and put it into a helper function in the test so that we can keep our tests functioning. Follow on to 66fd8c7518ab71466aca72d20fb7bcd5f374af26 for #1559. --- modules/gallery/tests/Cache_Test.php | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) (limited to 'modules/gallery/tests') 
diff --git a/modules/gallery/tests/Cache_Test.php b/modules/gallery/tests/Cache_Test.php index b95ef0a2..5e14051a 100644 --- a/modules/gallery/tests/Cache_Test.php +++ b/modules/gallery/tests/Cache_Test.php @@ -24,8 +24,16 @@ class Cache_Test extends Gallery_Unit_Test_Case { $this->_driver = new Cache_Database_Driver(); } - public function cache_exists_test() { - $this->assert_false($this->_driver->exists("test_key"), "test_key should not be defined"); + private function _exists($id) { + return db::build() + ->where("key", "=", $id) + ->where("expiration", ">=", time()) + ->limit("1") + ->count_records("caches") > 0; + } + + public function cache_exists_test_helper_function_test() { + $this->assert_false($this->_exists("test_key"), "test_key should not be defined"); $id = random::hash(); db::build() @@ -34,7 +42,7 @@ class Cache_Test extends Gallery_Unit_Test_Case { ->values($id, ", ", 84600 + time(), serialize("some test data")) ->execute(); - $this->assert_true($this->_driver->exists($id), "test_key should be defined"); + $this->assert_true($this->_exists($id), "test_key should be defined"); } public function cache_get_test() { @@ -100,9 +108,9 @@ class Cache_Test extends Gallery_Unit_Test_Case { $this->_driver->delete(array($id1)); - $this->assert_false($this->_driver->exists($id1), "$id1 should have been deleted"); - $this->assert_true($this->_driver->exists($id2), "$id2 should not have been deleted"); - $this->assert_true($this->_driver->exists($id3), "$id3 should not have been deleted"); + $this->assert_false($this->_exists($id1), "$id1 should have been deleted"); + $this->assert_true($this->_exists($id2), "$id2 should not have been deleted"); + $this->assert_true($this->_exists($id3), "$id3 should not have been deleted"); } public function cache_delete_tag_test() { 
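Review bot: The new `_exists()` helper in the first hunk (@@ -24) has no comment saying which driver behaviour it stands in for. Its `->where("expiration", ">=", time())` filter reports any row with a zero or past expiration as absent; if the caches table uses 0 for entries that never expire (not visible here), the helper would disagree with the driver it replaces. A one-line docblock such as `/** Test-only stand-in for the removed Cache_Driver::exists(): true when an unexpired row with this key is in the caches table. */` would state that contract. The renamed `cache_exists_test_helper_function_test` now exercises only this helper, so the delete tests in the later hunks assert on table rows rather than on what the driver itself would return. The class body continues outside the hunk.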
@@ -120,9 +128,9 @@ class Cache_Test extends Gallery_Unit_Test_Case { $data = $this->_driver->delete_tag(array("tag3")); - $this->assert_true($this->_driver->exists($id1), "$id1 should not have been deleted"); - $this->assert_false($this->_driver->exists($id2), "$id2 should have been deleted"); - $this->assert_false($this->_driver->exists($id3), "$id3 should have been deleted"); + $this->assert_true($this->_exists($id1), "$id1 should not have been deleted"); + $this->assert_false($this->_exists($id2), "$id2 should have been deleted"); + $this->assert_false($this->_exists($id3), "$id3 should have been deleted"); } public function cache_delete_all_test() { @@ -140,8 +148,8 @@ class Cache_Test extends Gallery_Unit_Test_Case { $data = $this->_driver->delete(true); - $this->assert_false($this->_driver->exists($id1), "$id1 should have been deleted"); - $this->assert_false($this->_driver->exists($id2), "$id2 should have been deleted"); - $this->assert_false($this->_driver->exists($id3), "$id3 should have been deleted"); + $this->assert_false($this->_exists($id1), "$id1 should have been deleted"); + $this->assert_false($this->_exists($id2), "$id2 should have been deleted"); + $this->assert_false($this->_exists($id3), "$id3 should have been deleted"); } } \ No newline at end of file -- cgit v1.2.3 From 44da46abd4aa2e210300d1d54c1d6896988fd71b Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 15 Jan 2011 15:11:37 -0800 Subject: Golden file updates for xss and controller authentication. --- modules/gallery/tests/controller_auth_data.txt | 5 +- modules/gallery/tests/xss_data.txt | 106 ++++++++++++++----------- 2 files changed, 62 insertions(+), 49 deletions(-) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt index 24170092..f1192071 100644 --- a/modules/gallery/tests/controller_auth_data.txt +++ b/modules/gallery/tests/controller_auth_data.txt 
@@ -22,8 +22,8 @@ modules/gallery/controllers/user_profile.php show modules/gallery/controllers/user_profile.php contact DIRTY_AUTH modules/gallery/controllers/user_profile.php send DIRTY_AUTH modules/gallery/controllers/welcome_message.php index DIRTY_AUTH -modules/organize/controllers/organize.php dialog DIRTY_CSRF -modules/organize/controllers/organize.php add_album_fields DIRTY_AUTH +modules/organize/controllers/organize.php tree DIRTY_CSRF +modules/organize/controllers/organize.php delete DIRTY_AUTH modules/rest/controllers/rest.php index DIRTY_CSRF|DIRTY_AUTH modules/rest/controllers/rest.php reset_api_key_confirm DIRTY_AUTH modules/rest/controllers/rest.php reset_api_key DIRTY_AUTH @@ -35,5 +35,6 @@ modules/server_add/controllers/server_add.php children modules/tag/controllers/admin_tags.php index DIRTY_CSRF modules/tag/controllers/tag.php __call DIRTY_CSRF|DIRTY_AUTH modules/tag/controllers/tags.php autocomplete DIRTY_CSRF|DIRTY_AUTH +modules/user/controllers/admin_users.php index DIRTY_CSRF modules/user/controllers/password.php reset DIRTY_AUTH modules/user/controllers/password.php do_reset DIRTY_CSRF|DIRTY_AUTH diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 366391cf..609f786a 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt 
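Review bot: The added row `modules/organize/controllers/organize.php delete DIRTY_AUTH` baselines a destructive action as accepted rather than resolved. Assuming DIRTY_AUTH means the controller-auth scan found no access check in that method, the controller should be confirmed to enforce edit permission on every item it is asked to delete before this golden file is taken as the new reference. The same question applies to `organize.php tree DIRTY_CSRF` in this hunk and to `modules/user/controllers/admin_users.php index DIRTY_CSRF` in the @@ -35 hunk. If each entry was reviewed and is a scanner false positive, the commit description should say so, so the rows are not later read as open findings.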
@@ -213,7 +213,7 @@ modules/gallery/views/menu_link.html.php 5 DIRTY_JS $menu- modules/gallery/views/movieplayer.html.php 2 DIRTY html::anchor($item->file_url(true),"",$attrs) modules/gallery/views/movieplayer.html.php 5 DIRTY_JS $attrs["id"] modules/gallery/views/movieplayer.html.php 7 DIRTY_JS url::abs_file("lib/flowplayer.swf") -modules/gallery/views/movieplayer.html.php 14 DIRTY_JS url::abs_file("lib/flowplayer.pseudostreaming.swf") +modules/gallery/views/movieplayer.html.php 17 DIRTY_JS url::abs_file("lib/flowplayer.pseudostreaming.swf") modules/gallery/views/permissions_browse.html.php 3 DIRTY_JS url::site("permissions/form/__ITEM__") modules/gallery/views/permissions_browse.html.php 16 DIRTY_JS url::site("permissions/change/__CMD__/__GROUP__/__PERM__/__ITEM__?csrf=$csrf") modules/gallery/views/permissions_browse.html.php 43 DIRTY_ATTR $parent->id @@ -262,8 +262,8 @@ modules/gallery/views/user_profile.html.php 34 DIRTY_ATTR $use modules/gallery/views/user_profile.html.php 43 DIRTY $info->view modules/image_block/views/image_block_block.html.php 4 DIRTY_JS $item->url() modules/image_block/views/image_block_block.html.php 5 DIRTY $item->thumb_img(array("class"=>"g-thumbnail")) -modules/info/views/info_block.html.php 22 DIRTY gallery::date_time($item->captured) -modules/info/views/info_block.html.php 29 DIRTY_JS $item->owner->url +modules/info/views/info_block.html.php 5 DIRTY $info["label"] +modules/info/views/info_block.html.php 5 DIRTY $info["value"] modules/notification/views/comment_published.html.php 28 DIRTY_JS $comment->item()->abs_url() modules/notification/views/comment_published.html.php 29 DIRTY $comment->item()->abs_url() modules/notification/views/item_added.html.php 16 DIRTY_JS $item->abs_url() 
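Review bot: In the @@ -262 hunk the two rows added for `modules/info/views/info_block.html.php 5` baseline `$info["label"]` and `$info["value"]` as plain DIRTY, replacing rows that named specific expressions. If DIRTY means the scanner saw the value printed without a recognised cleaning call, the view now relies on every producer of `$info` having already escaped item-derived text, which this file cannot show. The same concern applies to `organize_dialog.html.php 14 DIRTY_JS $album->title` in the @@ -274 hunk, where a user-editable title reaches a script context, and to `upgrade_checker_block.html.php 17 DIRTY $new_version` in the later "Update XSS golden file" commit. Each of these should be checked for context-appropriate escaping at the point of output before the baseline is accepted.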
@@ -274,22 +274,29 @@ modules/notification/views/item_updated.html.php 20 DIRTY_JS $item- modules/notification/views/item_updated.html.php 20 DIRTY $item->abs_url() modules/notification/views/user_profile_notification.html.php 5 DIRTY_ATTR $subscription->id modules/notification/views/user_profile_notification.html.php 6 DIRTY_JS $subscription->url -modules/organize/views/organize_dialog.html.php 94 DIRTY_JS $domain -modules/organize/views/organize_dialog.html.php 95 DIRTY_JS $access_key -modules/organize/views/organize_dialog.html.php 96 DIRTY_JS request::protocol() -modules/organize/views/organize_dialog.html.php 97 DIRTY_JS $file_filter -modules/organize/views/organize_dialog.html.php 98 DIRTY_JS $sort_order -modules/organize/views/organize_dialog.html.php 99 DIRTY_JS $sort_fields -modules/organize/views/organize_dialog.html.php 100 DIRTY_JS $album->id -modules/organize/views/organize_dialog.html.php 101 DIRTY_JS $selected_id -modules/organize/views/organize_dialog.html.php 102 DIRTY_JS $rest_uri -modules/organize/views/organize_dialog.html.php 103 DIRTY_JS $controller_uri -modules/organize/views/organize_dialog.html.php 109 DIRTY_JS $flash_minimum_version="10.0.0" -modules/organize/views/organize_dialog.html.php 127 DIRTY_JS $swf_uri -modules/organize/views/organize_dialog.html.php 140 DIRTY_ATTR request::protocol() +modules/organize/views/organize_dialog.html.php 8 DIRTY_JS url::site("items/__ID__") +modules/organize/views/organize_dialog.html.php 14 DIRTY_JS $album->title +modules/organize/views/organize_frame.html.php 12 DIRTY_JS url::file("modules/organize/vendor/ext/images/default/s.gif") +modules/organize/views/organize_frame.html.php 56 DIRTY_JS url::site("organize/album_info/__ID__") +modules/organize/views/organize_frame.html.php 94 DIRTY_JS access::csrf_token() +modules/organize/views/organize_frame.html.php 96 DIRTY_JS url::site("organize/set_sort/__ID__") +modules/organize/views/organize_frame.html.php 116 DIRTY_JS url::site("organize/delete") 
+modules/organize/views/organize_frame.html.php 125 DIRTY_JS access::csrf_token() +modules/organize/views/organize_frame.html.php 226 DIRTY_JS url::site("organize/rearrange") +modules/organize/views/organize_frame.html.php 237 DIRTY_JS access::csrf_token() +modules/organize/views/organize_frame.html.php 275 DIRTY_JS $key +modules/organize/views/organize_frame.html.php 398 DIRTY_JS url::site("organize/tree/{$album->id}") +modules/organize/views/organize_frame.html.php 456 DIRTY_JS url::site("organize/reparent") +modules/organize/views/organize_frame.html.php 479 DIRTY_JS access::csrf_token() +modules/organize/views/organize_frame.html.php 495 DIRTY_JS access::can("edit",item::root()) +modules/organize/views/organize_frame.html.php 497 DIRTY_JS item::root()->title +modules/organize/views/organize_frame.html.php 499 DIRTY_JS item::root()->id +modules/organize/views/organize_frame.html.php 507 DIRTY_JS $album->id +modules/organize/views/organize_frame.html.php 508 DIRTY_JS $album->id modules/recaptcha/views/admin_recaptcha.html.php 11 DIRTY $form modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY_JS $public_key -modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY_JS $public_key +modules/recaptcha/views/form_recaptcha.html.php 3 DIRTY_ATTR request::protocol() +modules/recaptcha/views/form_recaptcha.html.php 8 DIRTY_JS $public_key modules/rest/views/reset_api_key_confirm.html.php 6 DIRTY $form modules/rss/views/feed.mrss.php 10 DIRTY $feed->uri modules/rss/views/feed.mrss.php 13 DIRTY_JS $feed->uri 
@@ -346,28 +353,31 @@ modules/user/views/admin_users.html.php 73 DIRTY_ATTR $use modules/user/views/admin_users.html.php 74 DIRTY_ATTR $user->avatar_url(20,$theme->url(,true)) modules/user/views/admin_users.html.php 88 DIRTY ($user->last_login==0)?"":gallery::date($user->last_login) modules/user/views/admin_users.html.php 91 DIRTY db::build()->from("items")->where("owner_id","=",$user->id)->count_records() -modules/user/views/admin_users.html.php 127 DIRTY_ATTR $group->id -modules/user/views/admin_users.html.php 127 DIRTY_ATTR ($group->special?"g-default-group":"") -modules/user/views/admin_users.html.php 129 DIRTY $v +modules/user/views/admin_users.html.php 113 DIRTY $pager +modules/user/views/admin_users.html.php 132 DIRTY_ATTR $group->id +modules/user/views/admin_users.html.php 132 DIRTY_ATTR ($group->special?"g-default-group":"") +modules/user/views/admin_users.html.php 134 DIRTY $v modules/user/views/admin_users_delete_user.html.php 6 DIRTY $form modules/user/views/admin_users_group.html.php 24 DIRTY_JS $user->id modules/user/views/admin_users_group.html.php 24 DIRTY_JS $group->id modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $width modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $height modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $url -themes/admin_wind/views/admin.html.php 21 DIRTY_JS $theme->url() -themes/admin_wind/views/admin.html.php 38 DIRTY $theme->admin_head() -themes/admin_wind/views/admin.html.php 42 DIRTY $theme->admin_page_top() -themes/admin_wind/views/admin.html.php 50 DIRTY $theme->admin_header_top() -themes/admin_wind/views/admin.html.php 51 DIRTY_JS item::root()->url() -themes/admin_wind/views/admin.html.php 54 DIRTY $theme->user_menu() -themes/admin_wind/views/admin.html.php 57 DIRTY $theme->admin_menu() -themes/admin_wind/views/admin.html.php 60 DIRTY $theme->admin_header_bottom() -themes/admin_wind/views/admin.html.php 67 DIRTY $content -themes/admin_wind/views/admin.html.php 73 DIRTY 
$sidebar -themes/admin_wind/views/admin.html.php 78 DIRTY $theme->admin_footer() -themes/admin_wind/views/admin.html.php 81 DIRTY $theme->admin_credits() -themes/admin_wind/views/admin.html.php 86 DIRTY $theme->admin_page_bottom() +themes/admin_wind/views/admin.html.php 31 DIRTY $theme->admin_head() +themes/admin_wind/views/admin.html.php 40 DIRTY_JS $theme->url() +themes/admin_wind/views/admin.html.php 45 DIRTY $theme->get_combined("script") +themes/admin_wind/views/admin.html.php 48 DIRTY $theme->get_combined("css") +themes/admin_wind/views/admin.html.php 52 DIRTY $theme->admin_page_top() +themes/admin_wind/views/admin.html.php 60 DIRTY $theme->admin_header_top() +themes/admin_wind/views/admin.html.php 61 DIRTY_JS item::root()->url() +themes/admin_wind/views/admin.html.php 64 DIRTY $theme->user_menu() +themes/admin_wind/views/admin.html.php 67 DIRTY $theme->admin_menu() +themes/admin_wind/views/admin.html.php 70 DIRTY $theme->admin_header_bottom() +themes/admin_wind/views/admin.html.php 77 DIRTY $content +themes/admin_wind/views/admin.html.php 83 DIRTY $sidebar +themes/admin_wind/views/admin.html.php 88 DIRTY $theme->admin_footer() +themes/admin_wind/views/admin.html.php 91 DIRTY $theme->admin_credits() +themes/admin_wind/views/admin.html.php 96 DIRTY $theme->admin_page_bottom() themes/admin_wind/views/block.html.php 3 DIRTY_ATTR $anchor themes/admin_wind/views/block.html.php 5 DIRTY $id themes/admin_wind/views/block.html.php 5 DIRTY_ATTR $css_id 
@@ -398,20 +408,22 @@ themes/wind/views/dynamic.html.php 17 DIRTY_ATTR $chi themes/wind/views/dynamic.html.php 29 DIRTY $theme->paginator() themes/wind/views/movie.html.php 5 DIRTY $theme->paginator() themes/wind/views/movie.html.php 9 DIRTY $item->movie_img(array("class"=>"g-movie","id"=>"g-item-id-{$item->id}")) -themes/wind/views/page.html.php 9 DIRTY $page_title -themes/wind/views/page.html.php 12 DIRTY $theme->item()->title -themes/wind/views/page.html.php 16 DIRTY item::root()->title -themes/wind/views/page.html.php 26 DIRTY_JS $theme->url() -themes/wind/views/page.html.php 35 DIRTY $new_width -themes/wind/views/page.html.php 36 DIRTY $new_height -themes/wind/views/page.html.php 37 DIRTY $thumb_proportion -themes/wind/views/page.html.php 74 DIRTY $header_text -themes/wind/views/page.html.php 76 DIRTY_JS item::root()->url() -themes/wind/views/page.html.php 80 DIRTY $theme->user_menu() -themes/wind/views/page.html.php 101 DIRTY_JS $parent->url($parent->id==$theme->item()->parent_id?"show={$theme->item()->id}":null) -themes/wind/views/page.html.php 122 DIRTY $content -themes/wind/views/page.html.php 128 DIRTY newView("sidebar.html") -themes/wind/views/page.html.php 135 DIRTY $footer_text +themes/wind/views/page.html.php 10 DIRTY $page_title +themes/wind/views/page.html.php 13 DIRTY $theme->item()->title +themes/wind/views/page.html.php 17 DIRTY item::root()->title +themes/wind/views/page.html.php 31 DIRTY $new_width +themes/wind/views/page.html.php 32 DIRTY $new_height +themes/wind/views/page.html.php 33 DIRTY $thumb_proportion +themes/wind/views/page.html.php 70 DIRTY_JS $theme->url() +themes/wind/views/page.html.php 75 DIRTY $theme->get_combined("script") +themes/wind/views/page.html.php 78 DIRTY $theme->get_combined("css") +themes/wind/views/page.html.php 88 DIRTY $header_text +themes/wind/views/page.html.php 90 DIRTY_JS item::root()->url() +themes/wind/views/page.html.php 94 DIRTY $theme->user_menu() +themes/wind/views/page.html.php 115 DIRTY_JS 
$parent->url($parent->id==$theme->item()->parent_id?"show={$theme->item()->id}":null) +themes/wind/views/page.html.php 136 DIRTY $content +themes/wind/views/page.html.php 142 DIRTY newView("sidebar.html") +themes/wind/views/page.html.php 149 DIRTY $footer_text themes/wind/views/paginator.html.php 33 DIRTY_JS $first_page_url themes/wind/views/paginator.html.php 42 DIRTY_JS $previous_page_url themes/wind/views/paginator.html.php 70 DIRTY_JS $next_page_url -- cgit v1.2.3 From 423daa52d55a5298b461384baedc995eee09a0d1 Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Fri, 21 Jan 2011 23:01:06 -0800 Subject: Update copyright to 2011. --- application/Bootstrap.php | 2 +- application/config/config.php | 2 +- index.php | 2 +- installer/cli.php | 2 +- installer/index.php | 2 +- installer/installer.php | 2 +- installer/web.php | 2 +- modules/akismet/controllers/admin_akismet.php | 2 +- modules/akismet/helpers/akismet.php | 2 +- modules/akismet/helpers/akismet_event.php | 2 +- modules/akismet/helpers/akismet_installer.php | 2 +- modules/akismet/tests/Akismet_Helper_Test.php | 2 +- modules/comment/controllers/admin_comments.php | 2 +- modules/comment/controllers/admin_manage_comments.php | 2 +- modules/comment/controllers/comments.php | 2 +- modules/comment/helpers/comment.php | 2 +- modules/comment/helpers/comment_block.php | 2 +- modules/comment/helpers/comment_event.php | 2 +- modules/comment/helpers/comment_installer.php | 2 +- modules/comment/helpers/comment_rest.php | 2 +- modules/comment/helpers/comment_rss.php | 2 +- modules/comment/helpers/comment_theme.php | 2 +- modules/comment/helpers/comments_rest.php | 2 +- modules/comment/helpers/item_comments_rest.php | 2 +- modules/comment/models/comment.php | 2 +- modules/comment/tests/Comment_Event_Test.php | 2 +- modules/comment/tests/Comment_Helper_Test.php | 2 +- modules/comment/tests/Comment_Model_Test.php | 2 +- modules/digibug/config/digibug.php | 2 +- modules/digibug/controllers/admin_digibug.php | 2 +- modules/digibug/controllers/digibug.php | 2 +- modules/digibug/helpers/digibug_event.php | 2 +- modules/digibug/helpers/digibug_installer.php | 2 +- modules/digibug/helpers/digibug_theme.php | 2 +- modules/digibug/models/digibug_proxy.php | 2 +- modules/digibug/tests/Digibug_Controller_Test.php | 2 +- modules/exif/controllers/exif.php | 2 +- modules/exif/helpers/exif.php | 2 +- modules/exif/helpers/exif_event.php | 2 +- modules/exif/helpers/exif_installer.php | 2 +- modules/exif/helpers/exif_task.php | 2 +- modules/exif/helpers/exif_theme.php | 2 +- 
modules/exif/models/exif_key.php | 2 +- modules/exif/models/exif_record.php | 2 +- modules/exif/tests/Exif_Test.php | 2 +- modules/g2_import/controllers/admin_g2_import.php | 2 +- modules/g2_import/controllers/g2.php | 2 +- modules/g2_import/helpers/g2_import.php | 2 +- modules/g2_import/helpers/g2_import_event.php | 2 +- modules/g2_import/helpers/g2_import_installer.php | 2 +- modules/g2_import/helpers/g2_import_task.php | 2 +- modules/g2_import/libraries/G2_Import_Exception.php | 2 +- modules/g2_import/models/g2_map.php | 2 +- modules/gallery/config/cache.php | 2 +- modules/gallery/config/cookie.php | 2 +- modules/gallery/config/database.php | 2 +- modules/gallery/config/locale.php | 2 +- modules/gallery/config/log_file.php | 2 +- modules/gallery/config/routes.php | 2 +- modules/gallery/config/session.php | 2 +- modules/gallery/config/upload.php | 2 +- modules/gallery/config/user_agents.php | 2 +- modules/gallery/controllers/admin.php | 2 +- modules/gallery/controllers/admin_advanced_settings.php | 2 +- modules/gallery/controllers/admin_dashboard.php | 2 +- modules/gallery/controllers/admin_graphics.php | 2 +- modules/gallery/controllers/admin_languages.php | 2 +- modules/gallery/controllers/admin_maintenance.php | 2 +- modules/gallery/controllers/admin_modules.php | 2 +- modules/gallery/controllers/admin_sidebar.php | 2 +- modules/gallery/controllers/admin_theme_options.php | 2 +- modules/gallery/controllers/admin_themes.php | 2 +- modules/gallery/controllers/admin_upgrade_checker.php | 2 +- modules/gallery/controllers/albums.php | 2 +- modules/gallery/controllers/combined.php | 2 +- modules/gallery/controllers/file_proxy.php | 2 +- modules/gallery/controllers/items.php | 2 +- modules/gallery/controllers/l10n_client.php | 2 +- modules/gallery/controllers/login.php | 2 +- modules/gallery/controllers/logout.php | 2 +- modules/gallery/controllers/movies.php | 2 +- modules/gallery/controllers/packager.php | 2 +- modules/gallery/controllers/permissions.php | 2 +- 
modules/gallery/controllers/photos.php | 2 +- modules/gallery/controllers/quick.php | 2 +- modules/gallery/controllers/reauthenticate.php | 2 +- modules/gallery/controllers/upgrader.php | 2 +- modules/gallery/controllers/uploader.php | 2 +- modules/gallery/controllers/user_profile.php | 2 +- modules/gallery/controllers/welcome_message.php | 2 +- modules/gallery/helpers/MY_html.php | 2 +- modules/gallery/helpers/MY_num.php | 2 +- modules/gallery/helpers/MY_remote.php | 2 +- modules/gallery/helpers/MY_url.php | 2 +- modules/gallery/helpers/access.php | 2 +- modules/gallery/helpers/album.php | 2 +- modules/gallery/helpers/auth.php | 2 +- modules/gallery/helpers/batch.php | 2 +- modules/gallery/helpers/block_manager.php | 2 +- modules/gallery/helpers/data_rest.php | 2 +- modules/gallery/helpers/dir.php | 2 +- modules/gallery/helpers/gallery.php | 2 +- modules/gallery/helpers/gallery_block.php | 2 +- modules/gallery/helpers/gallery_error.php | 2 +- modules/gallery/helpers/gallery_event.php | 2 +- modules/gallery/helpers/gallery_graphics.php | 2 +- modules/gallery/helpers/gallery_installer.php | 2 +- modules/gallery/helpers/gallery_rss.php | 2 +- modules/gallery/helpers/gallery_task.php | 2 +- modules/gallery/helpers/gallery_theme.php | 2 +- modules/gallery/helpers/graphics.php | 2 +- modules/gallery/helpers/identity.php | 2 +- modules/gallery/helpers/item.php | 2 +- modules/gallery/helpers/item_rest.php | 2 +- modules/gallery/helpers/items_rest.php | 2 +- modules/gallery/helpers/json.php | 2 +- modules/gallery/helpers/l10n_client.php | 2 +- modules/gallery/helpers/l10n_scanner.php | 2 +- modules/gallery/helpers/locales.php | 2 +- modules/gallery/helpers/log.php | 2 +- modules/gallery/helpers/message.php | 2 +- modules/gallery/helpers/model_cache.php | 2 +- modules/gallery/helpers/module.php | 2 +- modules/gallery/helpers/movie.php | 2 +- modules/gallery/helpers/photo.php | 2 +- modules/gallery/helpers/random.php | 2 +- modules/gallery/helpers/site_status.php | 2 +- 
modules/gallery/helpers/system.php | 2 +- modules/gallery/helpers/task.php | 2 +- modules/gallery/helpers/theme.php | 2 +- modules/gallery/helpers/tree_rest.php | 2 +- modules/gallery/helpers/upgrade_checker.php | 2 +- modules/gallery/helpers/user_profile.php | 2 +- modules/gallery/helpers/xml.php | 2 +- modules/gallery/hooks/init_gallery.php | 2 +- modules/gallery/libraries/Admin_View.php | 2 +- modules/gallery/libraries/Block.php | 2 +- modules/gallery/libraries/Form_Script.php | 2 +- modules/gallery/libraries/Form_Uploadify.php | 2 +- modules/gallery/libraries/Form_Uploadify_buttons.php | 2 +- modules/gallery/libraries/Gallery_I18n.php | 2 +- modules/gallery/libraries/Gallery_View.php | 2 +- modules/gallery/libraries/IdentityProvider.php | 2 +- modules/gallery/libraries/InPlaceEdit.php | 2 +- modules/gallery/libraries/MY_Database.php | 2 +- modules/gallery/libraries/MY_Forge.php | 2 +- modules/gallery/libraries/MY_Input.php | 2 +- modules/gallery/libraries/MY_Kohana_Exception.php | 2 +- modules/gallery/libraries/MY_ORM.php | 2 +- modules/gallery/libraries/MY_Pagination.php | 2 +- modules/gallery/libraries/MY_View.php | 2 +- modules/gallery/libraries/Menu.php | 2 +- modules/gallery/libraries/ORM_MPTT.php | 2 +- modules/gallery/libraries/SafeString.php | 2 +- modules/gallery/libraries/Sendmail.php | 2 +- modules/gallery/libraries/Task_Definition.php | 2 +- modules/gallery/libraries/Theme_View.php | 2 +- modules/gallery/libraries/drivers/Cache/Database.php | 2 +- modules/gallery/libraries/drivers/IdentityProvider.php | 2 +- modules/gallery/models/access_cache.php | 2 +- modules/gallery/models/access_intent.php | 2 +- modules/gallery/models/cache.php | 2 +- modules/gallery/models/failed_auth.php | 2 +- modules/gallery/models/graphics_rule.php | 2 +- modules/gallery/models/incoming_translation.php | 2 +- modules/gallery/models/item.php | 2 +- modules/gallery/models/log.php | 2 +- modules/gallery/models/message.php | 2 +- modules/gallery/models/module.php | 2 +- 
modules/gallery/models/outgoing_translation.php | 2 +- modules/gallery/models/permission.php | 2 +- modules/gallery/models/task.php | 2 +- modules/gallery/models/theme.php | 2 +- modules/gallery/models/var.php | 2 +- modules/gallery/tests/Access_Helper_Test.php | 2 +- modules/gallery/tests/Albums_Controller_Test.php | 2 +- modules/gallery/tests/Cache_Test.php | 2 +- modules/gallery/tests/Controller_Auth_Test.php | 2 +- modules/gallery/tests/Database_Test.php | 2 +- modules/gallery/tests/Dir_Helper_Test.php | 2 +- modules/gallery/tests/DrawForm_Test.php | 2 +- modules/gallery/tests/File_Structure_Test.php | 4 ++-- modules/gallery/tests/Gallery_Filters.php | 2 +- modules/gallery/tests/Gallery_I18n_Test.php | 2 +- modules/gallery/tests/Gallery_Installer_Test.php | 2 +- modules/gallery/tests/Html_Helper_Test.php | 2 +- modules/gallery/tests/Input_Library_Test.php | 2 +- modules/gallery/tests/Item_Helper_Test.php | 2 +- modules/gallery/tests/Item_Model_Test.php | 2 +- modules/gallery/tests/Item_Rest_Helper_Test.php | 2 +- modules/gallery/tests/Items_Rest_Helper_Test.php | 2 +- modules/gallery/tests/Kohana_Exception_Test.php | 2 +- modules/gallery/tests/Locales_Helper_Test.php | 2 +- modules/gallery/tests/Menu_Test.php | 2 +- modules/gallery/tests/ORM_MPTT_Test.php | 2 +- modules/gallery/tests/Photos_Controller_Test.php | 2 +- modules/gallery/tests/SafeString_Test.php | 2 +- modules/gallery/tests/Sendmail_Test.php | 2 +- modules/gallery/tests/Url_Security_Test.php | 2 +- modules/gallery/tests/Var_Test.php | 2 +- modules/gallery/tests/Xss_Security_Test.php | 2 +- modules/gallery_unit_test/controllers/gallery_unit_test.php | 2 +- modules/gallery_unit_test/helpers/MY_request.php | 2 +- modules/gallery_unit_test/helpers/test.php | 2 +- modules/gallery_unit_test/libraries/Gallery_Unit_Test_Case.php | 2 +- modules/image_block/helpers/image_block_block.php | 2 +- modules/image_block/helpers/image_block_installer.php | 2 +- modules/info/helpers/info_block.php | 2 +- 
modules/info/helpers/info_installer.php | 2 +- modules/info/helpers/info_theme.php | 2 +- modules/kohana23_compat/config/pagination.php | 2 +- modules/kohana23_compat/libraries/MY_Database_Builder.php | 2 +- modules/kohana23_compat/libraries/Pagination.php | 2 +- modules/notification/controllers/notification.php | 2 +- modules/notification/helpers/notification.php | 2 +- modules/notification/helpers/notification_event.php | 2 +- modules/notification/helpers/notification_installer.php | 2 +- modules/notification/models/pending_notification.php | 2 +- modules/notification/models/subscription.php | 2 +- modules/organize/controllers/organize.php | 2 +- modules/organize/helpers/organize_event.php | 2 +- modules/organize/helpers/organize_installer.php | 2 +- modules/recaptcha/controllers/admin_recaptcha.php | 2 +- modules/recaptcha/helpers/recaptcha.php | 2 +- modules/recaptcha/helpers/recaptcha_event.php | 2 +- modules/recaptcha/helpers/recaptcha_installer.php | 2 +- modules/recaptcha/helpers/recaptcha_theme.php | 2 +- modules/recaptcha/libraries/Form_Recaptcha.php | 2 +- modules/rest/controllers/rest.php | 2 +- modules/rest/helpers/registry_rest.php | 2 +- modules/rest/helpers/rest.php | 2 +- modules/rest/helpers/rest_event.php | 2 +- modules/rest/helpers/rest_installer.php | 2 +- modules/rest/libraries/Rest_Exception.php | 2 +- modules/rest/models/user_access_key.php | 2 +- modules/rest/tests/Rest_Controller_Test.php | 2 +- modules/rss/controllers/rss.php | 2 +- modules/rss/helpers/rss.php | 2 +- modules/rss/helpers/rss_block.php | 2 +- modules/search/controllers/search.php | 2 +- modules/search/helpers/search.php | 2 +- modules/search/helpers/search_event.php | 2 +- modules/search/helpers/search_installer.php | 2 +- modules/search/helpers/search_task.php | 2 +- modules/search/helpers/search_theme.php | 2 +- modules/search/models/search_record.php | 2 +- modules/server_add/controllers/admin_server_add.php | 2 +- modules/server_add/controllers/server_add.php | 2 +- 
modules/server_add/helpers/server_add.php | 2 +- modules/server_add/helpers/server_add_event.php | 2 +- modules/server_add/helpers/server_add_installer.php | 2 +- modules/server_add/helpers/server_add_theme.php | 2 +- modules/server_add/models/server_add_entry.php | 2 +- modules/slideshow/helpers/slideshow_event.php | 2 +- modules/slideshow/helpers/slideshow_installer.php | 2 +- modules/slideshow/helpers/slideshow_theme.php | 2 +- modules/tag/controllers/admin_tags.php | 2 +- modules/tag/controllers/tag.php | 2 +- modules/tag/controllers/tags.php | 2 +- modules/tag/helpers/item_tags_rest.php | 2 +- modules/tag/helpers/tag.php | 2 +- modules/tag/helpers/tag_block.php | 2 +- modules/tag/helpers/tag_event.php | 2 +- modules/tag/helpers/tag_installer.php | 2 +- modules/tag/helpers/tag_item_rest.php | 2 +- modules/tag/helpers/tag_items_rest.php | 2 +- modules/tag/helpers/tag_rest.php | 2 +- modules/tag/helpers/tag_rss.php | 2 +- modules/tag/helpers/tag_task.php | 2 +- modules/tag/helpers/tag_theme.php | 2 +- modules/tag/helpers/tags_rest.php | 2 +- modules/tag/models/tag.php | 2 +- modules/tag/tests/Tag_Item_Rest_Helper_Test.php | 2 +- modules/tag/tests/Tag_Rest_Helper_Test.php | 2 +- modules/tag/tests/Tag_Test.php | 2 +- modules/tag/tests/Tags_Rest_Helper_Test.php | 2 +- modules/user/config/identity.php | 2 +- modules/user/controllers/admin_users.php | 2 +- modules/user/controllers/password.php | 2 +- modules/user/controllers/users.php | 2 +- modules/user/helpers/group.php | 2 +- modules/user/helpers/user.php | 2 +- modules/user/helpers/user_event.php | 2 +- modules/user/helpers/user_installer.php | 2 +- modules/user/helpers/user_theme.php | 2 +- modules/user/libraries/drivers/IdentityProvider/Gallery.php | 2 +- modules/user/models/group.php | 2 +- modules/user/models/user.php | 2 +- modules/user/tests/No_Direct_ORM_Access_Test.php | 2 +- modules/user/tests/User_Groups_Test.php | 2 +- modules/user/tests/User_Installer_Test.php | 2 +- 
modules/watermark/controllers/admin_watermarks.php | 2 +- modules/watermark/helpers/watermark.php | 2 +- modules/watermark/helpers/watermark_event.php | 2 +- modules/watermark/helpers/watermark_installer.php | 2 +- 295 files changed, 296 insertions(+), 296 deletions(-) (limited to 'modules/gallery/tests') diff --git a/application/Bootstrap.php b/application/Bootstrap.php index fbd83ce1..ff021fd5 100644 --- a/application/Bootstrap.php +++ b/application/Bootstrap.php @@ -1,7 +1,7 @@ Date: Fri, 21 Jan 2011 23:09:27 -0800 Subject: Update XSS golden file --- modules/gallery/tests/xss_data.txt | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 609f786a..0c812fb4 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -248,6 +248,7 @@ modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $permi modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $item->id modules/gallery/views/quick_delete_confirm.html.php 11 DIRTY $form modules/gallery/views/reauthenticate.html.php 9 DIRTY $form +modules/gallery/views/upgrade_checker_block.html.php 17 DIRTY $new_version modules/gallery/views/upgrader.html.php 76 DIRTY_ATTR $done?"muted":"" modules/gallery/views/upgrader.html.php 94 DIRTY_ATTR $done?"muted":"" modules/gallery/views/upgrader.html.php 102 DIRTY_ATTR $module->version==$module->code_version?"current":"upgradeable" 
@@ -338,8 +339,8 @@ modules/server_add/views/server_add_tree_dialog.html.php 4 DIRTY_JS url::s modules/server_add/views/server_add_tree_dialog.html.php 21 DIRTY $tree modules/tag/views/admin_tags.html.php 45 DIRTY_ATTR $tag->id modules/tag/views/admin_tags.html.php 46 DIRTY $tag->count -modules/tag/views/tag_block.html.php 26 DIRTY $cloud -modules/tag/views/tag_block.html.php 28 DIRTY $form +modules/tag/views/tag_block.html.php 28 DIRTY $cloud +modules/tag/views/tag_block.html.php 30 DIRTY $form modules/tag/views/tag_cloud.html.php 4 DIRTY_ATTR (int)(($tag->count/$max_count)*7) modules/tag/views/tag_cloud.html.php 5 DIRTY $tag->count modules/tag/views/tag_cloud.html.php 6 DIRTY_JS $tag->url() @@ -363,6 +364,7 @@ modules/user/views/admin_users_group.html.php 24 DIRTY_JS $group modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $width modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $height modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $url +themes/admin_wind/views/admin.html.php 4 DIRTY $theme->html_attributes() themes/admin_wind/views/admin.html.php 31 DIRTY $theme->admin_head() themes/admin_wind/views/admin.html.php 40 DIRTY_JS $theme->url() themes/admin_wind/views/admin.html.php 45 DIRTY $theme->get_combined("script") @@ -408,6 +410,7 @@ themes/wind/views/dynamic.html.php 17 DIRTY_ATTR $chi themes/wind/views/dynamic.html.php 29 DIRTY $theme->paginator() themes/wind/views/movie.html.php 5 DIRTY $theme->paginator() themes/wind/views/movie.html.php 9 DIRTY $item->movie_img(array("class"=>"g-movie","id"=>"g-item-id-{$item->id}")) +themes/wind/views/page.html.php 4 DIRTY $theme->html_attributes() themes/wind/views/page.html.php 10 DIRTY $page_title themes/wind/views/page.html.php 13 DIRTY $theme->item()->title themes/wind/views/page.html.php 17 DIRTY item::root()->title -- cgit v1.2.3