From f20bf46868485ba17308fe8e03edcb79077f7e10 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Wed, 10 Jun 2009 01:21:57 -0700
Subject: Consider the CLI sapi the equivalent of an admin

---
 modules/gallery/views/kohana_error_page.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/gallery/views')

diff --git a/modules/gallery/views/kohana_error_page.php b/modules/gallery/views/kohana_error_page.php
index d9bf9698..6bf48549 100644
--- a/modules/gallery/views/kohana_error_page.php
+++ b/modules/gallery/views/kohana_error_page.php
@@ -59,7 +59,7 @@
   </head>
   <body>
     <? try { $user = user::active(); } catch (Exception $e) { } ?>
-    <? $admin = isset($user) && $user->admin ?>
+    <? $admin = php_sapi_name() == "cli" || isset($user) && $user->admin ?>
     <div class="big_box" id="framework_error">
       <h1>
         <?= t("Dang...  Something went wrong!") ?>
-- 
cgit v1.2.3


From 5a6fc93496555ad2af73e37fd36979fce2ca3203 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Wed, 10 Jun 2009 20:22:10 -0700
Subject: Improve our warning message to also mention that you need to have
 mod_rewrite installed.

---
 modules/gallery/views/permissions_browse.html.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/gallery/views')

diff --git a/modules/gallery/views/permissions_browse.html.php b/modules/gallery/views/permissions_browse.html.php
index 8bb2e830..36394877 100644
--- a/modules/gallery/views/permissions_browse.html.php
+++ b/modules/gallery/views/permissions_browse.html.php
@@ -27,7 +27,7 @@
   <? if (!$htaccess_works): ?>
   <ul id="gMessage">
     <li class="gError">
-      <?= t("Oh no!  Your server needs a configuration change in order for you to hide photos!  Ask your server administrator to set <a %attrs><i>AllowOverride FileInfo Options</i></a> to fix this.", array("attrs" => "href=\"http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride\" target=\"_blank\"")) ?>
+      <?= t("Oh no!  Your server needs a configuration change in order for you to hide photos!  Ask your server administrator to enable <a %mod_rewrite_attrs>mod_rewrite</a> and set <a %apache_attrs><i>AllowOverride FileInfo Options</i></a> to fix this.", array("mod_rewrite_attrs" => "href=\"http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html\" target=\"_blank\"", "apache_attrs" => "href=\"http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride\" target=\"_blank\"")) ?>
     </li>
   </ul>
   <? endif ?>
-- 
cgit v1.2.3


From 4118ca4f1db76447da8846fc4835fea702687d21 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Wed, 10 Jun 2009 21:05:24 -0700
Subject: Provide a way for non-admins to authenticate and use the upgrader,
 without using our regular code paths.

---
 modules/gallery/controllers/upgrader.php | 19 ++++++++++++++-----
 modules/gallery/views/upgrader.html.php  | 16 ++++++++++++++++
 2 files changed, 30 insertions(+), 5 deletions(-)

(limited to 'modules/gallery/views')

diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php
index 0833e253..5eb96fdd 100644
--- a/modules/gallery/controllers/upgrader.php
+++ b/modules/gallery/controllers/upgrader.php
@@ -19,24 +19,33 @@
  */
 class Upgrader_Controller extends Controller {
   public function index() {
-    // Todo: give the admin a chance to log in here
-    if (!user::active()->admin) {
-      access::forbidden();
+    $session = Session::instance();
+
+    // Make sure we have an upgrade token
+    if (!($upgrade_token = $session->get("upgrade_token", null))) {
+      $session->set("upgrade_token", $upgrade_token = md5(rand()));
+    }
+
+    // If the upgrade token exists, then bless this session
+    if (file_exists(TMPPATH . $upgrade_token)) {
+      $session->set("can_upgrade", true);
+      @unlink(TMPPATH . $upgrade_token);
     }
 
     $view = new View("upgrader.html");
+    $view->can_upgrade = user::active()->admin || $session->get("can_upgrade");
+    $view->upgrade_token = $upgrade_token;
     $view->available = module::available();
     $view->done = Input::instance()->get("done");
     print $view;
   }
 
   public function upgrade() {
-    // Todo: give the admin a chance to log in here
     if (php_sapi_name() == "cli") {
       // @todo this may screw up some module installers, but we don't have a better answer at
       // this time.
       $_SERVER["HTTP_HOST"] = "example.com";
-    } else if (!user::active()->admin) {
+    } else if (!user::active()->admin && !Session::instance()->get("can_upgrade", false)) {
       access::forbidden();
     }
 
diff --git a/modules/gallery/views/upgrader.html.php b/modules/gallery/views/upgrader.html.php
index 6b9a0110..fa21e196 100644
--- a/modules/gallery/views/upgrader.html.php
+++ b/modules/gallery/views/upgrader.html.php
@@ -9,6 +9,9 @@
       font-family: Trebuchet MS;
       font-size: 1.1em;
     }
+    h1 {
+      font-size: 1.4em;
+    }
     div#outer {
       width: 650px;
       background: white;
@@ -93,11 +96,17 @@
     .gray_on_done {
       opacity: <?= $done ? "0.5" : "1" ?>;
     }
+    pre {
+      display: inline;
+      margin: 0px;
+      padding: 0px;
+    }
   </style>
   <body>
     <div id="outer">
       <img src="<?= url::file("modules/gallery/images/gallery.png") ?>" />
       <div id="inner">
+        <? if ($can_upgrade): ?>
         <? if ($done): ?>
         <div id="confirmation">
           <div>
@@ -158,6 +167,13 @@
           <? endforeach ?>
         </p>
         <? endif ?>
+        <? else: // can_upgrade ?>
+        <h1> <?= t("Who are you?") ?> </h1>
+        <p>
+          <?= t("You're not logged in as an administrator, so we have to verify you to make sure it's ok for you to do an upgrade.  To prove you can run an upgrade, create a file called %name in your <b>gallery3/var/tmp</b> directory.", array("name" => "<br/><b>$upgrade_token</b>")) ?>
+        </p>
+        <a href="<?= url::site("upgrader?") ?>"><?= t("Ok, I've done that") ?></a>
+        <? endif // can_upgrade ?>
       </div>
       <div id="footer">
         <p>
-- 
cgit v1.2.3