From 79740a2c77ad5c9b048e094cc164fd0129aba16a Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 14 Dec 2010 21:18:40 -0800 Subject: Move photo/movie file extension validation into the model. Fixes #1524. --- modules/gallery/models/item.php | 9 ++++++++- modules/gallery/tests/Item_Model_Test.php | 23 +++++++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) (limited to 'modules/gallery') diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 9016a04a..a4d24b8f 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -848,10 +848,17 @@ class Item_Model_Core extends ORM_MPTT { } } else { // New items must have an extension - if (!pathinfo($this->name, PATHINFO_EXTENSION)) { + $ext = pathinfo($this->name, PATHINFO_EXTENSION); + if (!$ext) { $v->add_error("name", "illegal_data_file_extension"); return; } + + if ($this->is_movie() && !preg_match("/^(flv|mp4|m4v)$/i", $ext)) { + $v->add_error("name", "illegal_data_file_extension"); + } else if ($this->is_photo() && !preg_match("/^(gif|jpg|jpeg|png)$/i", $ext)) { + $v->add_error("name", "illegal_data_file_extension"); + } } } diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 264a2128..1e6d54d0 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php 
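Review bot: The new allow-list in the `else` branch tests only the last extension returned by `pathinfo()`, so a name such as `photo.php.jpg` (constructed example) passes even though some web-server configurations choose a handler from any dotted segment of a filename. It would be safer to also reject, or normalise away, earlier segments that look like a script extension, and to confirm that the uploaded data's detected type agrees with the extension. The two `add_error` branches are identical and could be folded into one condition, and the movie and photo patterns would be easier to keep in step with upload handling as named constants. The enclosing validation method starts and ends outside this hunk, so the branch for existing items is not visible here.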
@@ -431,4 +431,27 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { preg_match("|http://./var/thumbs/name_\d+/\.album\.jpg\?m=\d+|", $album->thumb_url()), $album->thumb_url() . " is malformed"); } + + public function legal_extension_test() { + foreach (array("test.gif", "test.GIF", "test.Gif", "test.jpeg", "test.JPG") as $name) { + $photo = test::random_photo_unsaved(item::root()); + $photo->name = $name; + $photo->save(); + } + } + + public function illegal_extension_test() { + foreach (array("test.php", "test.PHP", "test.php5", "test.php4", "test.pl") as $name) { + try { + $photo = test::random_photo_unsaved(item::root()); + $photo->name = $name; + $photo->save(); + } catch (ORM_Validation_Exception $e) { + $this->assert_equal(array("name" => "illegal_data_file_extension"), + $e->validation->errors()); + continue; + } + $this->assert_true(false, "Shouldn't get here"); + } + } } -- cgit v1.2.3 From a0b7d397dd3a1192800c185a929ce871ae744f38 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 15 Dec 2010 11:44:29 -0800 Subject: Amend db00958cee5e7373cf4bc439d65e687e7ef2d985 by extending the system user_agents.php instead of replacing it. This lets us avoid having to reformat the file to get File_Structure_Test to pass and will let us take advantage of further improvements ot the Kohana version of the file. Additional fix for #1436. --- modules/gallery/config/user_agents.php | 138 +++++---------------------------- 1 file changed, 19 insertions(+), 119 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/config/user_agents.php b/modules/gallery/config/user_agents.php index 24720046..4e82e7d4 100644 --- a/modules/gallery/config/user_agents.php +++ b/modules/gallery/config/user_agents.php 
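Review bot: Both new tests exercise only the photo branch, so the movie pattern `/^(flv|mp4|m4v)$/i` added in item.php has no coverage; a parallel pair of cases built from a movie fixture, if the test helper offers one, would pin it. `legal_extension_test` passes merely because `save()` does not throw, so a short comment such as `// save() throws ORM_Validation_Exception on an illegal extension` would make the intent clear. A name with more than one dot and a name with no extension at all are worth adding as cases, so that the intended behaviour for them is recorded.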
@@ -1,122 +1,22 @@ - 'Windows Vista', - 'windows nt 5.2' => 'Windows 2003', - 'windows nt 5.0' => 'Windows 2000', - 'windows nt 5.1' => 'Windows XP', - 'windows nt 4.0' => 'Windows NT', - 'winnt4.0' => 'Windows NT', - 'winnt 4.0' => 'Windows NT', - 'winnt' => 'Windows NT', - 'windows 98' => 'Windows 98', - 'win98' => 'Windows 98', - 'windows 95' => 'Windows 95', - 'win95' => 'Windows 95', - 'windows' => 'Unknown Windows OS', - 'os x' => 'Mac OS X', - 'intel mac' => 'Intel Mac', - 'ppc mac' => 'PowerPC Mac', - 'powerpc' => 'PowerPC', - 'ppc' => 'PowerPC', - 'cygwin' => 'Cygwin', - 'linux' => 'Linux', - 'debian' => 'Debian', - 'openvms' => 'OpenVMS', - 'sunos' => 'Sun Solaris', - 'amiga' => 'Amiga', - 'beos' => 'BeOS', - 'apachebench' => 'ApacheBench', - 'freebsd' => 'FreeBSD', - 'netbsd' => 'NetBSD', - 'bsdi' => 'BSDi', - 'openbsd' => 'OpenBSD', - 'os/2' => 'OS/2', - 'warp' => 'OS/2', - 'aix' => 'AIX', - 'irix' => 'Irix', - 'osf' => 'DEC OSF', - 'hp-ux' => 'HP-UX', - 'hurd' => 'GNU/Hurd', - 'unix' => 'Unknown Unix OS', -); - -/** - * The order of this array should NOT be changed. Many browsers return - * multiple browser types so we want to identify the sub-type first. 
- */ -$config['browser'] = array -( - 'Opera' => 'Opera', - 'MSIE' => 'Internet Explorer', - 'Internet Explorer' => 'Internet Explorer', - 'Shiira' => 'Shiira', - 'Firefox' => 'Firefox', - 'Chimera' => 'Chimera', - 'Phoenix' => 'Phoenix', - 'Firebird' => 'Firebird', - 'Camino' => 'Camino', - 'Netscape' => 'Netscape', - 'OmniWeb' => 'OmniWeb', - 'Chrome' => 'Chrome', - 'Safari' => 'Safari', - 'Konqueror' => 'Konqueror', - 'Epiphany' => 'Epiphany', - 'Galeon' => 'Galeon', - 'Mozilla' => 'Mozilla', - 'icab' => 'iCab', - 'lynx' => 'Lynx', - 'links' => 'Links', - 'hotjava' => 'HotJava', - 'amaya' => 'Amaya', - 'IBrowse' => 'IBrowse', -); - -$config['mobile'] = array -( - 'mobileexplorer' => 'Mobile Explorer', - 'openwave' => 'Open Wave', - 'opera mini' => 'Opera Mini', - 'operamini' => 'Opera Mini', - 'elaine' => 'Palm', - 'palmsource' => 'Palm', - 'digital paths' => 'Palm', - 'avantgo' => 'Avantgo', - 'xiino' => 'Xiino', - 'palmscape' => 'Palmscape', - 'nokia' => 'Nokia', - 'ericsson' => 'Ericsson', - 'blackBerry' => 'BlackBerry', - 'motorola' => 'Motorola', - 'iphone' => 'iPhone', - 'android' => 'Android', -); - -/** - * There are hundreds of bots but these are the most common. + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. 
*/ -$config['robot'] = array -( - 'googlebot' => 'Googlebot', - 'msnbot' => 'MSNBot', - 'slurp' => 'Inktomi Slurp', - 'yahoo' => 'Yahoo', - 'askjeeves' => 'AskJeeves', - 'fastcrawler' => 'FastCrawler', - 'infoseek' => 'InfoSeek Robot 1.0', - 'lycos' => 'Lycos', - 'mj12bot' => 'MJ12bot', - 'speedy spider' => 'Speedy Spider', -); \ No newline at end of file +include(SYSPATH . "config/user_agents.php"); +$config["robot"]["mj12bot"] = "MJ12bot"; +$config["robot"]["speedy spider"] = "Speedy Spider"; -- cgit v1.2.3 From f8890be62b6c1ab14001111f10a8cbcdf973cdc1 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 15 Dec 2010 11:57:46 -0800 Subject: Follow on to d2be26e407aeb620082bcad2d5a45272868b38a1 to convert tabs to spaces. --- modules/gallery/helpers/items_rest.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/items_rest.php b/modules/gallery/helpers/items_rest.php index 08aa3279..3c09faa8 100644 --- a/modules/gallery/helpers/items_rest.php +++ b/modules/gallery/helpers/items_rest.php @@ -84,9 +84,9 @@ class items_rest_Core { if ($item->type == "album") { $members = array(); foreach ($item->viewable()->children() as $child) { - if (empty($types) || in_array($child->type, $types)) { - $members[] = rest::url("item", $child); - } + if (empty($types) || in_array($child->type, $types)) { + $members[] = rest::url("item", $child); + } } $item_rest["members"] = $members; } -- cgit v1.2.3 From 18470a60012b8ab48b8c2a6a94673b69500de4a7 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 15 Dec 2010 12:07:02 -0800 Subject: Clean up xss golden file as a follow-on to 945e79b17182f7c96eb4b566bd41d26b5f8c4288 for #1478. --- modules/gallery/tests/xss_data.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 0345df96..bd72509c 100644 
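Review bot: `include(SYSPATH . "config/user_agents.php");` only raises a warning if the system file cannot be read, after which this file would define `$config["robot"]` with just the two added entries and nothing else. `require SYSPATH . "config/user_agents.php";` would fail loudly instead. A one-line comment above the two assignments saying that they extend the Kohana defaults would also help the next reader. The start of the new file is not legible in the hunk as shown, so whether a direct-access guard precedes the include cannot be confirmed from here.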
--- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -43,8 +43,8 @@ modules/digibug/views/digibug_form.html.php 6 DIRTY form:: modules/exif/views/exif_dialog.html.php 14 DIRTY $details[$i]["caption"] modules/exif/views/exif_dialog.html.php 21 DIRTY $details[$i]["caption"] modules/g2_import/views/admin_g2_import.html.php 9 DIRTY $form -modules/gallery/views/admin_advanced_settings.html.php 20 DIRTY_ATTR text::alternate("g-odd","g-even") -modules/gallery/views/admin_advanced_settings.html.php 21 DIRTY $var->module_name +modules/gallery/views/admin_advanced_settings.html.php 21 DIRTY_ATTR text::alternate("g-odd","g-even") +modules/gallery/views/admin_advanced_settings.html.php 22 DIRTY $var->module_name modules/gallery/views/admin_block_log_entries.html.php 4 DIRTY_ATTR log::severity_class($entry->severity) modules/gallery/views/admin_block_log_entries.html.php 8 DIRTY_JS user_profile::url($entry->user->id) modules/gallery/views/admin_block_log_entries.html.php 10 DIRTY gallery::date_time($entry->timestamp) -- cgit v1.2.3 From ff4c930338a80a7a5eb220f539aac1f06c748bc4 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 15 Dec 2010 12:08:56 -0800 Subject: Clean up golden file as a follow-on to 3c523bcac6e902973c5891c02842254eaecd33a4 for #1499. --- modules/gallery/tests/xss_data.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index bd72509c..7c5e803d 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt 
@@ -260,8 +260,8 @@ modules/gallery/views/upgrader.html.php 123 DIRTY_ATTR $don modules/gallery/views/user_languages_block.html.php 2 DIRTY form::dropdown("g-select-session-locale",$installed_locales,$selected) modules/gallery/views/user_profile.html.php 34 DIRTY_ATTR $user->avatar_url(40,$theme->url(,true)) modules/gallery/views/user_profile.html.php 43 DIRTY $info->view -modules/image_block/views/image_block_block.html.php 3 DIRTY_JS $item->url() -modules/image_block/views/image_block_block.html.php 4 DIRTY $item->thumb_img(array("class"=>"g-thumbnail")) +modules/image_block/views/image_block_block.html.php 4 DIRTY_JS $item->url() +modules/image_block/views/image_block_block.html.php 5 DIRTY $item->thumb_img(array("class"=>"g-thumbnail")) modules/info/views/info_block.html.php 22 DIRTY gallery::date_time($item->captured) modules/info/views/info_block.html.php 29 DIRTY_JS $item->owner->url modules/notification/views/comment_published.html.php 28 DIRTY_JS $comment->item()->abs_url() -- cgit v1.2.3 From 6fb0eb4e97e3bbfa50029f0b4249c10bd22abe09 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 15 Dec 2010 12:24:31 -0800 Subject: Follow on to d2be26e407aeb620082bcad2d5a45272868b38a1 to update the unit tests to reflect the proper type filtering for #1503. --- modules/gallery/tests/Items_Rest_Helper_Test.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/tests/Items_Rest_Helper_Test.php b/modules/gallery/tests/Items_Rest_Helper_Test.php index 8e53110a..49e77876 100644 --- a/modules/gallery/tests/Items_Rest_Helper_Test.php +++ b/modules/gallery/tests/Items_Rest_Helper_Test.php 
@@ -65,21 +65,21 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { $request = new stdClass(); $request->params = new stdClass(); $request->params->urls = json_encode(array( - rest::url("item", $photo1), - rest::url("item", $album2))); + rest::url("item", $photo2), + rest::url("item", $album1))); $request->params->type = "album"; $this->assert_equal_array( array( - array("url" => rest::url("item", $album2), - "entity" => $album2->as_restful_array(), + array("url" => rest::url("item", $album1), + "entity" => $album1->as_restful_array(), "relationships" => array( "comments" => array( - "url" => rest::url("item_comments", $album2)), + "url" => rest::url("item_comments", $album1)), "tags" => array( - "url" => rest::url("item_tags", $album2), + "url" => rest::url("item_tags", $album1), "members" => array())), "members" => array( - rest::url("item", $photo2)))), + rest::url("item", $album2)))), items_rest::get($request)); } -- cgit v1.2.3 From 45c63f4d118bfc99924edb8685442035349af6db Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 15 Dec 2010 12:48:56 -0800 Subject: Use mt_rand() instead of rand() since it provides better portability. Fixes #1527. --- installer/installer.php | 4 +-- modules/digibug/controllers/digibug.php | 2 +- modules/digibug/tests/Digibug_Controller_Test.php | 2 +- modules/gallery/controllers/upgrader.php | 2 +- modules/gallery/helpers/access.php | 2 +- modules/gallery/helpers/block_manager.php | 2 +- modules/gallery/helpers/gallery_installer.php | 4 +-- modules/gallery/models/item.php | 4 +-- modules/gallery/tests/Albums_Controller_Test.php | 2 +- modules/gallery/tests/Cache_Test.php | 30 +++++++++++------------ modules/gallery/tests/Item_Helper_Test.php | 2 +- modules/gallery/tests/Item_Model_Test.php | 4 +-- modules/gallery_unit_test/helpers/test.php | 12 ++++----- modules/rest/helpers/rest_event.php | 6 ++--- 14 files changed, 39 insertions(+), 39 deletions(-) (limited to 'modules/gallery') 
diff --git a/installer/installer.php b/installer/installer.php index 9a957b43..7d358e70 100644 --- a/installer/installer.php +++ b/installer/installer.php @@ -138,7 +138,7 @@ class installer { $char += ($char > 90) ? 13 : ($char > 57) ? 7 : 0; $salt .= chr($char); } - $password = substr(md5(time() * rand()), 0, 6); + $password = substr(md5(time() . mt_rand()), 0, 6); // Escape backslash in preparation for our UPDATE statement. $hashed_password = str_replace("\\", "\\\\", $salt . md5($salt . $password)); $sql = self::prepend_prefix($config["prefix"], @@ -152,7 +152,7 @@ class installer { } static function create_admin_session($config) { - $session_id = md5(time() * rand()); + $session_id = md5(time() . mt_rand()); $user_agent = $_SERVER["HTTP_USER_AGENT"]; $user_agent_len = strlen($user_agent); $now = time(); diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php index 88d1ace0..a9e49de7 100644 --- a/modules/digibug/controllers/digibug.php +++ b/modules/digibug/controllers/digibug.php @@ -28,7 +28,7 @@ class Digibug_Controller extends Controller { $thumb_url = $item->thumb_url(true); } else { $proxy = ORM::factory("digibug_proxy"); - $proxy->uuid = md5(rand()); + $proxy->uuid = md5(mt_rand()); $proxy->item_id = $item->id; $proxy->save(); $full_url = url::abs_site("digibug/print_proxy/full/$proxy->uuid"); diff --git a/modules/digibug/tests/Digibug_Controller_Test.php b/modules/digibug/tests/Digibug_Controller_Test.php index 19a3f9da..6f9e20df 100644 --- a/modules/digibug/tests/Digibug_Controller_Test.php +++ b/modules/digibug/tests/Digibug_Controller_Test.php @@ -36,7 +36,7 @@ class Digibug_Controller_Test extends Gallery_Unit_Test_Case { access::deny(identity::registered_users(), "view_full", $album); $proxy = ORM::factory("digibug_proxy"); - $proxy->uuid = md5(rand()); + $proxy->uuid = md5(mt_rand()); $proxy->item_id = $photo->id; return $proxy->save(); } 
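Review bot: `mt_rand()` and `time()` are predictable inputs, yet in this commit they generate values that act as secrets: the admin password and session id in installer.php, the proxy `uuid` in digibug.php, the upgrade token in upgrader.php, the CSRF token in access.php and the REST `access_key` in rest_event.php. Hashing with `md5()` adds no entropy, and `md5(mt_rand())` in digibug.php can have no more distinct outputs than `mt_rand()` has return values. These should draw from a cryptographically secure source, e.g. `bin2hex(random_bytes(16))` on PHP 7+ or `openssl_random_pseudo_bytes()` on older runtimes, leaving `mt_rand()` for the non-secret uses such as slugs and test names. Separately, `substr(..., 0, 6)` caps the generated admin password at six hex characters and the stored value is a salted `md5`, both of which are weak for a credential.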
diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php index b2646874..50f6b8f0 100644 --- a/modules/gallery/controllers/upgrader.php +++ b/modules/gallery/controllers/upgrader.php @@ -23,7 +23,7 @@ class Upgrader_Controller extends Controller { // Make sure we have an upgrade token if (!($upgrade_token = $session->get("upgrade_token", null))) { - $session->set("upgrade_token", $upgrade_token = md5(rand())); + $session->set("upgrade_token", $upgrade_token = md5(time() . mt_rand())); } // If the upgrade token exists, then bless this session diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 0b0dcbc1..6a948999 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -426,7 +426,7 @@ class access_Core { $session = Session::instance(); $csrf = $session->get("csrf"); if (empty($csrf)) { - $csrf = md5(rand()); + $csrf = md5(time() . mt_rand()); $session->set("csrf", $csrf); } return $csrf; diff --git a/modules/gallery/helpers/block_manager.php b/modules/gallery/helpers/block_manager.php index 2237b702..e7247edc 100644 --- a/modules/gallery/helpers/block_manager.php +++ b/modules/gallery/helpers/block_manager.php @@ -28,7 +28,7 @@ class block_manager_Core { static function add($location, $module_name, $block_id) { $blocks = block_manager::get_active($location); - $blocks[rand()] = array($module_name, $block_id); + $blocks[mt_rand()] = array($module_name, $block_id); block_manager::set_active($location, $blocks); } diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index 3d82bc69..9c42caad 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php 
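Review bot: `$blocks[mt_rand()] = array($module_name, $block_id);` picks the array key at random without checking that it is free, so a collision would silently replace a block that is already active. The same pattern appears in the gallery_installer.php hunk that rebuilds `$new_blocks`. A guard such as `do { $key = mt_rand(); } while (isset($blocks[$key]));` removes the possibility. If the random key exists only to give each block a stable id, a comment saying so would help.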
@@ -459,7 +459,7 @@ class gallery_installer { $blocks = block_manager::get_active($location); $new_blocks = array(); foreach ($blocks as $block) { - $new_blocks[rand()] = $block; + $new_blocks[mt_rand()] = $block; } block_manager::set_active($location, $new_blocks); } @@ -507,7 +507,7 @@ class gallery_installer { ->execute() as $row) { $new_slug = item::convert_filename_to_slug($row->slug); if (empty($new_slug)) { - $new_slug = rand(); + $new_slug = mt_rand(); } db::build() ->update("items") diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index a4d24b8f..b6713fc3 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -390,7 +390,7 @@ class Item_Model_Core extends ORM_MPTT { if (file_exists($this->resize_path()) || file_exists($this->thumb_path())) { $pi = pathinfo($this->name); - $this->name = $pi["filename"] . "-" . rand() . "." . $pi["extension"]; + $this->name = $pi["filename"] . "-" . mt_rand() . "." . $pi["extension"]; parent::save(); } @@ -512,7 +512,7 @@ class Item_Model_Core extends ORM_MPTT { ->or_where("slug", "=", $this->slug) ->close() ->find()->id) { - $rand = rand(); + $rand = mt_rand(); if ($base_ext) { $this->name = "$base_name-$rand.$base_ext"; } else { diff --git a/modules/gallery/tests/Albums_Controller_Test.php b/modules/gallery/tests/Albums_Controller_Test.php index 6c64394d..86c74890 100644 --- a/modules/gallery/tests/Albums_Controller_Test.php +++ b/modules/gallery/tests/Albums_Controller_Test.php @@ -31,7 +31,7 @@ class Albums_Controller_Test extends Gallery_Unit_Test_Case { $album = test::random_album(); // Randomize to avoid conflicts. - $new_name = "new_name_" . rand(); + $new_name = "new_name_" . mt_rand(); $_POST["name"] = $new_name; $_POST["title"] = "new title"; diff --git a/modules/gallery/tests/Cache_Test.php b/modules/gallery/tests/Cache_Test.php index e8d8b6f4..6cee2862 100644 --- a/modules/gallery/tests/Cache_Test.php +++ b/modules/gallery/tests/Cache_Test.php 
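Review bot: In the models/item.php rename, `$this->name = $pi["filename"] . "-" . mt_rand() . "." . $pi["extension"];` reads the `extension` key unconditionally, but `pathinfo()` omits that key for a name without a dot, which would raise a notice and leave a trailing `.`. The hunk at -512 in the same file already branches on `$base_ext`; doing the same here would keep the two rename paths consistent. The new name is also saved without re-checking `resize_path()` and `thumb_path()`, so uniqueness rests on the random suffix alone. The surrounding method lies outside the hunk.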
@@ -27,7 +27,7 @@ class Cache_Test extends Gallery_Unit_Test_Case { public function cache_exists_test() { $this->assert_false($this->_driver->exists("test_key"), "test_key should not be defined"); - $id = md5(rand()); + $id = md5(mt_rand()); db::build() ->insert("caches") ->columns("key", "tags", "expiration", "cache") @@ -38,7 +38,7 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_get_test() { - $id = md5(rand()); + $id = md5(mt_rand()); db::build() ->insert("caches") @@ -54,7 +54,7 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_set_test() { - $id = md5(rand()); + $id = md5(mt_rand()); $original_data = array("field1" => "value1", "field2" => "value2"); $this->_driver->set(array($id => $original_data), array("tag1", "tag2"), 84600); @@ -63,15 +63,15 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_get_tag_test() { - $id1 = md5(rand()); + $id1 = md5(mt_rand()); $value1 = array("field1" => "value1", "field2" => "value2"); $this->_driver->set(array($id1 => $value1), array("tag1", "tag2"), 84600); - $id2 = md5(rand()); + $id2 = md5(mt_rand()); $value2 = array("field3" => "value3", "field4" => "value4"); $this->_driver->set(array($id2 => $value2), array("tag2", "tag3"), 84600); - $id3 = md5(rand()); + $id3 = md5(mt_rand()); $value3 = array("field5" => "value5", "field6" => "value6"); $this->_driver->set(array($id3 => $value3), array("tag3", "tag4"), 84600); 
@@ -86,15 +86,15 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_delete_id_test() { - $id1 = md5(rand()); + $id1 = md5(mt_rand()); $value1 = array("field1" => "value1", "field2" => "value2"); $this->_driver->set(array($id1 => $value1), array("tag1", "tag2"), 84600); - $id2 = md5(rand()); + $id2 = md5(mt_rand()); $value2 = array("field3" => "value3", "field4" => "value4"); $this->_driver->set(array($id2 => $value2), array("tag2", "tag3"), 846000); - $id3 = md5(rand()); + $id3 = md5(mt_rand()); $value3 = array("field5" => "value5", "field6" => "value6"); $this->_driver->set(array($id3 => $value3), array("tag3", "tag4"), 84600); @@ -106,15 +106,15 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_delete_tag_test() { - $id1 = md5(rand()); + $id1 = md5(mt_rand()); $value1 = array("field1" => "value1", "field2" => "value2"); $this->_driver->set(array($id1 => $value1), array("tag1", "tag2"), 84600); - $id2 = md5(rand()); + $id2 = md5(mt_rand()); $value2 = array("field3" => "value3", "field4" => "value4"); $this->_driver->set(array($id2 => $value2), array("tag2", "tag3"), 846000); - $id3 = md5(rand()); + $id3 = md5(mt_rand()); $value3 = array("field5" => "value5", "field6" => "value6"); $this->_driver->set(array($id3 => $value3), array("tag3", "tag4"), 84600); @@ -126,15 +126,15 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_delete_all_test() { - $id1 = md5(rand()); + $id1 = md5(mt_rand()); $value1 = array("field1" => "value1", "field2" => "value2"); $this->_driver->set(array($id1 => $value1), array("tag1", "tag2"), 84600); - $id2 = md5(rand()); + $id2 = md5(mt_rand()); $value2 = array("field3" => "value3", "field4" => "value4"); $this->_driver->set(array($id2 => $value2), array("tag2", "tag3"), 846000); - $id3 = md5(rand()); + $id3 = md5(mt_rand()); $value3 = array("field5" => "value5", "field6" => "value6"); $this->_driver->set(array($id3 => $value3), array("tag3", "tag4"), 84600); 
diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index eb2458cb..c93cc239 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php @@ -92,7 +92,7 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { } public function move_conflicts_result_in_a_rename_test() { - $rand = rand(); + $rand = mt_rand(); $photo1 = test::random_photo_unsaved(item::root()); $photo1->name = "{$rand}.jpg"; $photo1->slug = (string)$rand; diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 1e6d54d0..0d6d10af 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -278,10 +278,10 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { public function basic_validation_test() { $item = ORM::factory("item"); - $item->album_cover_item_id = rand(); // invalid + $item->album_cover_item_id = mt_rand(); // invalid $item->description = str_repeat("x", 70000); // invalid $item->name = null; - $item->parent_id = rand(); + $item->parent_id = mt_rand(); $item->slug = null; $item->sort_column = "bogus"; $item->sort_order = "bogus"; diff --git a/modules/gallery_unit_test/helpers/test.php b/modules/gallery_unit_test/helpers/test.php index 1be82a74..d5149492 100644 --- a/modules/gallery_unit_test/helpers/test.php +++ b/modules/gallery_unit_test/helpers/test.php @@ -19,7 +19,7 @@ */ class test_Core { static function random_album_unsaved($parent=null) { - $rand = rand(); + $rand = mt_rand(); $album = ORM::factory("item"); $album->type = "album"; @@ -34,7 +34,7 @@ class test_Core { } static function random_photo_unsaved($parent=null) { - $rand = rand(); + $rand = mt_rand(); $photo = ORM::factory("item"); $photo->type = "photo"; $photo->parent_id = $parent ? $parent->id : 1; 
@@ -49,16 +49,16 @@ class test_Core { } static function random_user($password="password") { - $rand = "name_" . rand(); + $rand = "name_" . mt_rand(); return identity::create_user($rand, $rand, $password, "$rand@rand.com"); } static function random_group() { - return identity::create_group((string)rand()); + return identity::create_group((string)mt_rand()); } static function random_name($item=null) { - $rand = "name_" . rand(); + $rand = "name_" . mt_rand(); if ($item && $item->is_photo()) { $rand .= ".jpg"; } @@ -77,7 +77,7 @@ class test_Core { static function random_tag() { $tag = ORM::factory("tag"); - $tag->name = (string)rand(); + $tag->name = (string)mt_rand(); // Reload so that ORM coerces all fields into strings. return $tag->save()->reload(); diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php index d8c69e94..4d7a4a1b 100644 --- a/modules/rest/helpers/rest_event.php +++ b/modules/rest/helpers/rest_event.php @@ -43,7 +43,7 @@ class rest_event { static function user_add_form_admin_completed($user, $form) { $key = ORM::factory("user_access_key"); $key->user_id = $user->id; - $key->access_key = md5($user->name . rand()); + $key->access_key = md5($user->name . time() . mt_rand()); $key->save(); } @@ -64,7 +64,7 @@ class rest_event { if (!$key->loaded()) { $key->user_id = $user->id; - $key->access_key = md5($user->name . rand()); + $key->access_key = md5($user->name . time() . mt_rand()); $key->save(); } @@ -93,7 +93,7 @@ class rest_event { if (!$key->loaded()) { $key->user_id = $data->user->id; - $key->access_key = md5($data->user->name . rand()); + $key->access_key = md5($data->user->name . time() . mt_rand()); $key->save(); } $view->rest_key = $key->access_key; -- cgit v1.2.3 From cd48b89f3166e7fa732b5cb06d33fba018af9127 Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Wed, 15 Dec 2010 14:57:00 -0800 Subject: Consolidate all the random code into a random helper that offers: random::hash() random::string() random::percent() random::int() So that we don't have lots of different ways to get random values all over the code. Follow-on to #1527. --- modules/digibug/controllers/digibug.php | 2 +- modules/digibug/tests/Digibug_Controller_Test.php | 2 +- modules/gallery/controllers/upgrader.php | 2 +- modules/gallery/helpers/access.php | 2 +- modules/gallery/helpers/block_manager.php | 2 +- modules/gallery/helpers/gallery_installer.php | 4 +- modules/gallery/helpers/item.php | 2 +- modules/gallery/helpers/random.php | 50 +++++++++++++++++++++++ modules/gallery/models/item.php | 6 +-- modules/gallery/tests/Albums_Controller_Test.php | 2 +- modules/gallery/tests/Cache_Test.php | 30 +++++++------- modules/gallery/tests/Item_Helper_Test.php | 2 +- modules/gallery/tests/Item_Model_Test.php | 14 +++---- modules/gallery_unit_test/helpers/test.php | 12 +++--- modules/rest/helpers/rest.php | 2 +- modules/rest/helpers/rest_event.php | 6 +-- modules/user/controllers/password.php | 2 +- 17 files changed, 96 insertions(+), 46 deletions(-) create mode 100644 modules/gallery/helpers/random.php (limited to 'modules/gallery') diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php index a9e49de7..bc0c7c5e 100644 --- a/modules/digibug/controllers/digibug.php +++ b/modules/digibug/controllers/digibug.php @@ -28,7 +28,7 @@ class Digibug_Controller extends Controller { $thumb_url = $item->thumb_url(true); } else { $proxy = ORM::factory("digibug_proxy"); - $proxy->uuid = md5(mt_rand()); + $proxy->uuid = random::hash(); $proxy->item_id = $item->id; $proxy->save(); $full_url = url::abs_site("digibug/print_proxy/full/$proxy->uuid"); diff --git a/modules/digibug/tests/Digibug_Controller_Test.php b/modules/digibug/tests/Digibug_Controller_Test.php index 6f9e20df..d331b0ae 100644 
--- a/modules/digibug/tests/Digibug_Controller_Test.php +++ b/modules/digibug/tests/Digibug_Controller_Test.php @@ -36,7 +36,7 @@ class Digibug_Controller_Test extends Gallery_Unit_Test_Case { access::deny(identity::registered_users(), "view_full", $album); $proxy = ORM::factory("digibug_proxy"); - $proxy->uuid = md5(mt_rand()); + $proxy->uuid = random::hash(); $proxy->item_id = $photo->id; return $proxy->save(); } diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php index 50f6b8f0..66c71648 100644 --- a/modules/gallery/controllers/upgrader.php +++ b/modules/gallery/controllers/upgrader.php @@ -23,7 +23,7 @@ class Upgrader_Controller extends Controller { // Make sure we have an upgrade token if (!($upgrade_token = $session->get("upgrade_token", null))) { - $session->set("upgrade_token", $upgrade_token = md5(time() . mt_rand())); + $session->set("upgrade_token", $upgrade_token = random::hash()); } // If the upgrade token exists, then bless this session diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 6a948999..a7ac3f9f 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -426,7 +426,7 @@ class access_Core { $session = Session::instance(); $csrf = $session->get("csrf"); if (empty($csrf)) { - $csrf = md5(time() . mt_rand()); + $csrf = random::hash(); $session->set("csrf", $csrf); } return $csrf; diff --git a/modules/gallery/helpers/block_manager.php b/modules/gallery/helpers/block_manager.php index e7247edc..4bd649c2 100644 --- a/modules/gallery/helpers/block_manager.php +++ b/modules/gallery/helpers/block_manager.php @@ -28,7 +28,7 @@ class block_manager_Core { static function add($location, $module_name, $block_id) { $blocks = block_manager::get_active($location); - $blocks[mt_rand()] = array($module_name, $block_id); + $blocks[random::int()] = array($module_name, $block_id); block_manager::set_active($location, $blocks); } 
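Review bot: After this change the CSRF token in access.php, the upgrade token in upgrader.php and the digibug proxy `uuid` all depend on `random::hash()`, whose body is not legible in this page's rendering of the new random.php. The helper's docblock should state whether its output is suitable for security tokens, and if it still derives from `mt_rand()` it should move to a CSPRNG (`random_bytes()` on PHP 7+, `openssl_random_pseudo_bytes()` before that). Centralising generation makes that a one-place change, so it is worth settling in the helper rather than at each call site.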
diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index 9c42caad..a6b8e6a2 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -459,7 +459,7 @@ class gallery_installer { $blocks = block_manager::get_active($location); $new_blocks = array(); foreach ($blocks as $block) { - $new_blocks[mt_rand()] = $block; + $new_blocks[random::int()] = $block; } block_manager::set_active($location, $new_blocks); } @@ -507,7 +507,7 @@ class gallery_installer { ->execute() as $row) { $new_slug = item::convert_filename_to_slug($row->slug); if (empty($new_slug)) { - $new_slug = mt_rand(); + $new_slug = random::int(); } db::build() ->update("items") diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index 052b1c8e..664da812 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -232,7 +232,7 @@ class item_Core { // distributed so this is going to be more efficient with larger data sets. return ORM::factory("item") ->viewable() - ->where("rand_key", "<", ((float)mt_rand()) / (float)mt_getrandmax()) + ->where("rand_key", "<", random::percent()) ->order_by("rand_key", "DESC"); } } \ No newline at end of file diff --git a/modules/gallery/helpers/random.php b/modules/gallery/helpers/random.php new file mode 100644 index 00000000..a26762bd --- /dev/null +++ b/modules/gallery/helpers/random.php @@ -0,0 +1,50 @@ +loaded()) { // Set reasonable defaults $this->created = time(); - $this->rand_key = ((float)mt_rand()) / (float)mt_getrandmax(); + $this->rand_key = random::percent(); $this->thumb_dirty = 1; $this->resize_dirty = 1; $this->sort_column = "created"; 
@@ -390,7 +390,7 @@ class Item_Model_Core extends ORM_MPTT { if (file_exists($this->resize_path()) || file_exists($this->thumb_path())) { $pi = pathinfo($this->name); - $this->name = $pi["filename"] . "-" . mt_rand() . "." . $pi["extension"]; + $this->name = $pi["filename"] . "-" . random::int() . "." . $pi["extension"]; parent::save(); } @@ -512,7 +512,7 @@ class Item_Model_Core extends ORM_MPTT { ->or_where("slug", "=", $this->slug) ->close() ->find()->id) { - $rand = mt_rand(); + $rand = random::int(); if ($base_ext) { $this->name = "$base_name-$rand.$base_ext"; } else { diff --git a/modules/gallery/tests/Albums_Controller_Test.php b/modules/gallery/tests/Albums_Controller_Test.php index 86c74890..35a3bdbb 100644 --- a/modules/gallery/tests/Albums_Controller_Test.php +++ b/modules/gallery/tests/Albums_Controller_Test.php @@ -31,7 +31,7 @@ class Albums_Controller_Test extends Gallery_Unit_Test_Case { $album = test::random_album(); // Randomize to avoid conflicts. - $new_name = "new_name_" . mt_rand(); + $new_name = "new_name_" . random::string(6); $_POST["name"] = $new_name; $_POST["title"] = "new title"; diff --git a/modules/gallery/tests/Cache_Test.php b/modules/gallery/tests/Cache_Test.php index 6cee2862..b95ef0a2 100644 --- a/modules/gallery/tests/Cache_Test.php +++ b/modules/gallery/tests/Cache_Test.php @@ -27,7 +27,7 @@ class Cache_Test extends Gallery_Unit_Test_Case { public function cache_exists_test() { $this->assert_false($this->_driver->exists("test_key"), "test_key should not be defined"); - $id = md5(mt_rand()); + $id = random::hash(); db::build() ->insert("caches") ->columns("key", "tags", "expiration", "cache") @@ -38,7 +38,7 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_get_test() { - $id = md5(mt_rand()); + $id = random::hash(); db::build() ->insert("caches") 
@@ -54,7 +54,7 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_set_test() { - $id = md5(mt_rand()); + $id = random::hash(); $original_data = array("field1" => "value1", "field2" => "value2"); $this->_driver->set(array($id => $original_data), array("tag1", "tag2"), 84600); @@ -63,15 +63,15 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_get_tag_test() { - $id1 = md5(mt_rand()); + $id1 = random::hash(); $value1 = array("field1" => "value1", "field2" => "value2"); $this->_driver->set(array($id1 => $value1), array("tag1", "tag2"), 84600); - $id2 = md5(mt_rand()); + $id2 = random::hash(); $value2 = array("field3" => "value3", "field4" => "value4"); $this->_driver->set(array($id2 => $value2), array("tag2", "tag3"), 84600); - $id3 = md5(mt_rand()); + $id3 = random::hash(); $value3 = array("field5" => "value5", "field6" => "value6"); $this->_driver->set(array($id3 => $value3), array("tag3", "tag4"), 84600); @@ -86,15 +86,15 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_delete_id_test() { - $id1 = md5(mt_rand()); + $id1 = random::hash(); $value1 = array("field1" => "value1", "field2" => "value2"); $this->_driver->set(array($id1 => $value1), array("tag1", "tag2"), 84600); - $id2 = md5(mt_rand()); + $id2 = random::hash(); $value2 = array("field3" => "value3", "field4" => "value4"); $this->_driver->set(array($id2 => $value2), array("tag2", "tag3"), 846000); - $id3 = md5(mt_rand()); + $id3 = random::hash(); $value3 = array("field5" => "value5", "field6" => "value6"); $this->_driver->set(array($id3 => $value3), array("tag3", "tag4"), 84600); 
@@ -106,15 +106,15 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_delete_tag_test() { - $id1 = md5(mt_rand()); + $id1 = random::hash(); $value1 = array("field1" => "value1", "field2" => "value2"); $this->_driver->set(array($id1 => $value1), array("tag1", "tag2"), 84600); - $id2 = md5(mt_rand()); + $id2 = random::hash(); $value2 = array("field3" => "value3", "field4" => "value4"); $this->_driver->set(array($id2 => $value2), array("tag2", "tag3"), 846000); - $id3 = md5(mt_rand()); + $id3 = random::hash(); $value3 = array("field5" => "value5", "field6" => "value6"); $this->_driver->set(array($id3 => $value3), array("tag3", "tag4"), 84600); @@ -126,15 +126,15 @@ class Cache_Test extends Gallery_Unit_Test_Case { } public function cache_delete_all_test() { - $id1 = md5(mt_rand()); + $id1 = random::hash(); $value1 = array("field1" => "value1", "field2" => "value2"); $this->_driver->set(array($id1 => $value1), array("tag1", "tag2"), 84600); - $id2 = md5(mt_rand()); + $id2 = random::hash(); $value2 = array("field3" => "value3", "field4" => "value4"); $this->_driver->set(array($id2 => $value2), array("tag2", "tag3"), 846000); - $id3 = md5(mt_rand()); + $id3 = random::hash(); $value3 = array("field5" => "value5", "field6" => "value6"); $this->_driver->set(array($id3 => $value3), array("tag3", "tag4"), 84600); diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index c93cc239..26db5a63 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php @@ -92,7 +92,7 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { } public function move_conflicts_result_in_a_rename_test() { - $rand = mt_rand(); + $rand = random::int(); $photo1 = test::random_photo_unsaved(item::root()); $photo1->name = "{$rand}.jpg"; $photo1->slug = (string)$rand; 
diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 0d6d10af..4987d2f9 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -278,10 +278,10 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { public function basic_validation_test() { $item = ORM::factory("item"); - $item->album_cover_item_id = mt_rand(); // invalid + $item->album_cover_item_id = random::int(); // invalid $item->description = str_repeat("x", 70000); // invalid $item->name = null; - $item->parent_id = mt_rand(); + $item->parent_id = random::int(); $item->slug = null; $item->sort_column = "bogus"; $item->sort_order = "bogus"; 
@@ -411,24 +411,24 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { public function urls_test() { $photo = test::random_photo(); $this->assert_true( - preg_match("|http://./var/resizes/name_\d+\.jpg\?m=\d+|", $photo->resize_url()), + preg_match("|http://./var/resizes/name_\w+\.jpg\?m=\d+|", $photo->resize_url()), $photo->resize_url() . " is malformed"); $this->assert_true( - preg_match("|http://./var/thumbs/name_\d+\.jpg\?m=\d+|", $photo->thumb_url()), + preg_match("|http://./var/thumbs/name_\w+\.jpg\?m=\d+|", $photo->thumb_url()), $photo->thumb_url() . " is malformed"); $this->assert_true( - preg_match("|http://./var/albums/name_\d+\.jpg\?m=\d+|", $photo->file_url()), + preg_match("|http://./var/albums/name_\w+\.jpg\?m=\d+|", $photo->file_url()), $photo->file_url() . " is malformed"); // Albums have special thumbnails. Empty album has cachebuster of 0 since it has no thumbnail $album = test::random_album(); $this->assert_true( - preg_match("|http://./var/thumbs/name_\d+/\.album\.jpg\?m=0|", $album->thumb_url()), + preg_match("|http://./var/thumbs/name_\w+/\.album\.jpg\?m=0|", $album->thumb_url()), $album->thumb_url() . " is malformed"); $photo = test::random_photo($album); $this->assert_true( - preg_match("|http://./var/thumbs/name_\d+/\.album\.jpg\?m=\d+|", $album->thumb_url()), + preg_match("|http://./var/thumbs/name_\w+/\.album\.jpg\?m=\d+|", $album->thumb_url()), $album->thumb_url() . " is malformed"); } diff --git a/modules/gallery_unit_test/helpers/test.php b/modules/gallery_unit_test/helpers/test.php index d5149492..65c7f6b4 100644 --- a/modules/gallery_unit_test/helpers/test.php +++ b/modules/gallery_unit_test/helpers/test.php @@ -19,7 +19,7 @@ */ class test_Core { static function random_album_unsaved($parent=null) { - $rand = mt_rand(); + $rand = random::string(6); $album = ORM::factory("item"); $album->type = "album"; 
@@ -34,7 +34,7 @@ class test_Core { } static function random_photo_unsaved($parent=null) { - $rand = mt_rand(); + $rand = random::string(6); $photo = ORM::factory("item"); $photo->type = "photo"; $photo->parent_id = $parent ? $parent->id : 1; @@ -49,16 +49,16 @@ class test_Core { } static function random_user($password="password") { - $rand = "name_" . mt_rand(); + $rand = "name_" . random::string(6); return identity::create_user($rand, $rand, $password, "$rand@rand.com"); } static function random_group() { - return identity::create_group((string)mt_rand()); + return identity::create_group(random::string(6)); } static function random_name($item=null) { - $rand = "name_" . mt_rand(); + $rand = "name_" . random::string(6); if ($item && $item->is_photo()) { $rand .= ".jpg"; } @@ -77,7 +77,7 @@ class test_Core { static function random_tag() { $tag = ORM::factory("tag"); - $tag->name = (string)mt_rand(); + $tag->name = random::string(6); // Reload so that ORM coerces all fields into strings. return $tag->save()->reload(); diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index 58943700..9406e209 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php @@ -104,7 +104,7 @@ class rest_Core { if (!$key->loaded()) { $key->user_id = identity::active_user()->id; - $key->access_key = md5(md5(uniqid(mt_rand(), true) . access::private_key())); + $key->access_key = md5(random::hash() . access::private_key()); $key->save(); } diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php index 4d7a4a1b..9e241bd0 100644 --- a/modules/rest/helpers/rest_event.php +++ b/modules/rest/helpers/rest_event.php @@ -43,7 +43,7 @@ class rest_event { static function user_add_form_admin_completed($user, $form) { $key = ORM::factory("user_access_key"); $key->user_id = $user->id; - $key->access_key = md5($user->name . time() . mt_rand()); + $key->access_key = random::hash($user->name); $key->save(); } 
@@ -64,7 +64,7 @@ class rest_event { if (!$key->loaded()) { $key->user_id = $user->id; - $key->access_key = md5($user->name . time() . mt_rand()); + $key->access_key = random::hash($user->name); $key->save(); } @@ -93,7 +93,7 @@ class rest_event { if (!$key->loaded()) { $key->user_id = $data->user->id; - $key->access_key = md5($data->user->name . time() . mt_rand()); + $key->access_key = random::hash($data->user->name); $key->save(); } $view->rest_key = $key->access_key; diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php index 2e5eac5f..567e56dc 100644 --- a/modules/user/controllers/password.php +++ b/modules/user/controllers/password.php @@ -51,7 +51,7 @@ class Password_Controller extends Controller { $user_name = $form->reset->inputs["name"]->value; $user = user::lookup_by_name($user_name); if ($user && !empty($user->email)) { - $user->hash = md5(uniqid(mt_rand(), true)); + $user->hash = random::hash(); $user->save(); $message = new View("reset_password.html"); $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash"); -- cgit v1.2.3 From b9e11a6f93077a2b012e0a4314667c5b0cf06291 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 15 Dec 2010 15:15:48 -0800 Subject: Don't show the "can't find ffmpeg" message to non-admins. Fixes #1528. --- modules/gallery/views/form_uploadify.html.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/views/form_uploadify.html.php b/modules/gallery/views/form_uploadify.html.php index 893bb3b9..77b6d493 100644 --- a/modules/gallery/views/form_uploadify.html.php +++ b/modules/gallery/views/form_uploadify.html.php @@ -112,7 +112,7 @@
- + admin && !$movies_allowed)): ?>

@@ -122,7 +122,7 @@

- + admin && !$movies_allowed): ?>

ffmpeg on your system. Movie uploading disabled. Help!", array("help_url" => "http://codex.gallery2.org/Gallery3:FAQ#Why_does_it_say_I.27m_missing_ffmpeg.3F")) ?>

-- cgit v1.2.3 From 53a2652fd6ba652b1b6604f8a4930403376a3ef5 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 16 Dec 2010 20:36:00 -0800 Subject: Create url::merge_querystring() which merges a query string into an existing url. Fixes #1537. --- modules/gallery/helpers/MY_url.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/MY_url.php b/modules/gallery/helpers/MY_url.php index 877c5ada..d3ab1b4d 100644 --- a/modules/gallery/helpers/MY_url.php +++ b/modules/gallery/helpers/MY_url.php @@ -101,4 +101,18 @@ class url extends url_Core { static function current($qs=false, $suffix=false) { return htmlspecialchars(parent::current($qs, $suffix)); } + + /** + * Merge extra an query string onto a given url safely. + * @param string the original url + * @param array the query string data in key=value form + */ + static function merge_querystring($url, $query_params) { + $qs = implode("&", $query_params); + if (strpos($url, "?") === false) { + return $url . "?$qs"; + } else { + return $url . "&$qs"; + } + } } -- cgit v1.2.3 From 7e31f97b4cbc5cf1894611de1e9de7a3efc6ad50 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 16 Dec 2010 20:37:00 -0800 Subject: Improve Item_Model::as_restful_array() to take an array of fields so that we only return the fields we care about. This improves performance when retrieving large numbers of items. Fixes #1536. --- modules/gallery/models/item.php | 82 ++++++++++++++++++++++++++++++----------- 1 file changed, 61 insertions(+), 21 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index ad577066..fc5c3ff9 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php 
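Review bot: `merge_querystring()` joins `$query_params` with `&` and appends them without URL-encoding, although its docblock says the merge is done "safely"; a value containing `&`, `#` or `=` changes the meaning of the resulting URL. The caller added in tree_rest.php builds entries such as `"type={$p->type}"` straight from request parameters, so the encoding has to happen somewhere. Either encode at the call site, `$query_params[] = "type=" . urlencode($p->type);`, or accept a key => value array here and build the string with `http_build_query($query_params)`. A url that already ends in `?` or carries a `#fragment` is not handled either, and the docblock should say so.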
@@ -987,48 +987,88 @@ class Item_Model_Core extends ORM_MPTT { /** * Same as ORM::as_array() but convert id fields into their RESTful form. + * + * @param array if specified, only return the named fields */ - public function as_restful_array() { + public function as_restful_array($fields=array()) { + if ($fields) { + $data = array(); + foreach ($fields as $field) { + if (isset($this->object[$field])) { + $data[$field] = $this->__get($field); + } + } + $fields = array_flip($fields); + } else { + $data = $this->as_array(); + } + // Convert item ids to rest URLs for consistency - $data = $this->as_array(); - if ($tmp = $this->parent()) { - $data["parent"] = rest::url("item", $tmp); + if (empty($fields) || isset($fields["parent"])) { + if ($tmp = $this->parent()) { + $data["parent"] = rest::url("item", $tmp); + } + unset($data["parent_id"]); } - unset($data["parent_id"]); - if ($tmp = $this->album_cover()) { - $data["album_cover"] = rest::url("item", $tmp); + + if (empty($fields) || isset($fields["album_cover"])) { + if ($tmp = $this->album_cover()) { + $data["album_cover"] = rest::url("item", $tmp); + } + unset($data["album_cover_item_id"]); } - unset($data["album_cover_item_id"]); - $data["web_url"] = $this->abs_url(); + if (empty($fields) || isset($fields["web_url"])) { + $data["web_url"] = $this->abs_url(); + } if (!$this->is_album()) { if (access::can("view_full", $this)) { - $data["file_url"] = rest::url("data", $this, "full"); - $data["file_size"] = filesize($this->file_path()); - } - if (access::user_can(identity::guest(), "view_full", $this)) { - $data["file_url_public"] = $this->file_url(true); + if (empty($fields) || isset($fields["file_url"])) { + $data["file_url"] = rest::url("data", $this, "full"); + } + if (empty($fields) || isset($fields["file_size"])) { + $data["file_size"] = filesize($this->file_path()); + } + if (access::user_can(identity::guest(), "view_full", $this)) { + if (empty($fields) || isset($fields["file_url_public"])) { + 
$data["file_url_public"] = $this->file_url(true); + } + } } } if ($this->is_photo()) { - $data["resize_url"] = rest::url("data", $this, "resize"); - $data["resize_size"] = filesize($this->resize_path()); + if (empty($fields) || isset($fields["resize_url"])) { + $data["resize_url"] = rest::url("data", $this, "resize"); + } + if (empty($fields) || isset($fields["resize_size"])) { + $data["resize_size"] = filesize($this->resize_path()); + } if (access::user_can(identity::guest(), "view", $this)) { - $data["resize_url_public"] = $this->resize_url(true); + if (empty($fields) || isset($fields["resize_url_public"])) { + $data["resize_url_public"] = $this->resize_url(true); + } } } if ($this->has_thumb()) { - $data["thumb_url"] = rest::url("data", $this, "thumb"); - $data["thumb_size"] = filesize($this->thumb_path()); + if (empty($fields) || isset($fields["thumb_url"])) { + $data["thumb_url"] = rest::url("data", $this, "thumb"); + } + if (empty($fields) || isset($fields["thumb_size"])) { + $data["thumb_size"] = filesize($this->thumb_path()); + } if (access::user_can(identity::guest(), "view", $this)) { - $data["thumb_url_public"] = $this->thumb_url(true); + if (empty($fields) || isset($fields["thumb_url_public"])) { + $data["thumb_url_public"] = $this->thumb_url(true); + } } } - $data["can_edit"] = access::can("edit", $this); + if (empty($fields) || isset($fields["can_edit"])) { + $data["can_edit"] = access::can("edit", $this); + } // Elide some internal-only data that is going to cause confusion in the client. foreach (array("relative_path_cache", "relative_url_cache", "left_ptr", "right_ptr", -- cgit v1.2.3 From 7eaf49a6ca97afbe6c82fc830602e7006d53f704 Mon Sep 17 00:00:00 2001 
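Review bot: `file_url_public` is now computed only inside the `access::can("view_full", $this)` branch, whereas before this change the guest check was a sibling of that branch; the resize and thumb sections keep their guest checks independent. If the narrowing is intended it deserves a comment, `// file_url_public is only offered when the active user can also view the full size`, and a line in the commit message; if not, the closing brace of the `view_full` block should move back above the guest check. Separately, the `empty($fields) || isset($fields[...])` test is repeated about a dozen times and would read better as one small private helper. The function's body continues past the end of this hunk.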
From: Bharat Mediratta Date: Thu, 16 Dec 2010 20:38:01 -0800 Subject: Create a "tree" rest resource that can return the entire album tree in a single fast request, among other operations. Fixes #1538. --- modules/gallery/helpers/tree_rest.php | 91 +++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 modules/gallery/helpers/tree_rest.php (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/tree_rest.php b/modules/gallery/helpers/tree_rest.php new file mode 100644 index 00000000..616bebe3 --- /dev/null +++ b/modules/gallery/helpers/tree_rest.php 
@@ -0,0 +1,91 @@ + + * Only traverse this far down into the tree. If there are more albums + * below this depth, provide RESTful urls to other tree resources in + * the members section. Default is infinite. + * + * type= + * Restrict the items displayed to the given type. Default is all types. + * + * fields= + * In the entity section only return these fields for each item. + * Default is all fields. + */ + static function get($request) { + $item = rest::resolve($request->url); + access::required("view", $item); + + $query_params = array(); + $p = $request->params; + $where = array(); + if (isset($p->type)) { + $where[] = array("type", "=", $p->type); + $query_params[] = "type={$p->type}"; + } + + if (isset($p->depth)) { + $lowest_depth = $item->level + $p->depth; + $where[] = array("level", "<=", $lowest_depth); + $query_params[] = "depth={$p->depth}"; + } + + $fields = array(); + if (isset($p->fields)) { + $fields = explode(",", $p->fields); + $query_params[] = "fields={$p->fields}"; + } + + $entity = array(); + $members = array(); + foreach ($item->viewable()->descendants(null, null, $where) as $child) { + $entity[] = array("url" => rest::url("item", $child), + "entity" => $child->as_restful_array($fields)); + if (isset($lowest_depth) && $child->level == $lowest_depth) { + $members[] = url::merge_querystring(rest::url("tree", $child), $query_params); + } + } + + $result = array( + "url" => $request->url, + "entity" => $entity, + "members" => $members, + "relationships" => rest::relationships("tree", $item)); + return $result; + } + + static function resolve($id) { + $item = ORM::factory("item", $id); + if (!access::can("view", $item)) { + throw new Kohana_404_Exception(); + } + return $item; + } + + static function url($item) { + return url::abs_site("rest/tree/{$item->id}"); + } +} -- cgit v1.2.3 From 16555935ee45a09b8d5b5b351222631ba2ce2132 Mon Sep 17 00:00:00 2001 
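Review bot: With no `depth` parameter the loop in `get()` serialises every viewable descendant of the requested item, and `as_restful_array()` performs permission lookups and up to three `filesize()` calls per item, so the cost of a single request is unbounded. `depth` is also used in `$item->level + $p->depth` without being checked as a non-negative integer. I would cast and validate it, `$depth = max(0, (int)$p->depth);`, and state in the docblock that callers are expected to bound the response with `depth`, `type` or `fields`. Whether a hard upper limit on depth or item count is wanted is a product decision, but it should be made explicitly.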
From: Kriss Andsten Date: Fri, 17 Dec 2010 11:32:58 +0800 Subject: Fetch permissions for non-albumbs by parent rather than by item, allowing the result to be cached. --- modules/gallery/helpers/access.php | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index a7ac3f9f..bfe02b3c 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -99,8 +99,15 @@ class access_Core { return true; } + /* + We do this for cache reasons - if you check n photos in an album, it makes more sense + to check the album permissions once and let the cache deal with that, rather than check + every item individually and generate cache misses. + */ + $id = ($item->type == 'album') ? $item->id : $item->parent_id; $resource = $perm_name == "view" ? - $item : model_cache::get("access_cache", $item->id, "item_id"); + $item : model_cache::get("access_cache", $id, "item_id"); + foreach ($user->groups() as $group) { if ($resource->__get("{$perm_name}_{$group->id}") === access::ALLOW) { return true; @@ -136,8 +143,15 @@ class access_Core { * @return boolean */ static function group_can($group, $perm_name, $item) { + /* + We do this for cache reasons - if you check n photos in an album, it makes more sense + to check the album permissions once and let the cache deal with that, rather than check + every item individually and generate cache misses. + */ + $id = ($item->type == 'album') ? $item->id : $item->parent_id; $resource = $perm_name == "view" ? - $item : model_cache::get("access_cache", $item->id, "item_id"); + $item : model_cache::get("access_cache", $id, "item_id"); + return $resource->__get("{$perm_name}_{$group->id}") === access::ALLOW; } -- cgit v1.2.3 From 6e58fced201705d73f5e080f16f482ae0f15e333 Mon Sep 17 00:00:00 2001 
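Review bot: Both `user_can()` and `group_can()` now read the `access_cache` row of `$item->parent_id` for every non-album item, so the authorization answer for a photo or movie is whatever its parent album's row says. That is only correct if non-album items can never carry permissions that differ from their album; the patch does not state that invariant and the diffstat shows no test. I would put the invariant the code relies on in a comment above the `$id = ...` line, for example `// assumes photos and movies always inherit their parent album's permissions`, and add a test that denies a permission on an album and asserts the same answer for a photo inside it. `$item->type == 'album'` could be written `$item->is_album()`, which the model already offers.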
From: Bharat Mediratta Date: Thu, 16 Dec 2010 21:01:51 -0800 Subject: Follow on to 16555935ee45a09b8d5b5b351222631ba2ce2132 to clean up the style a bit. Tracked in #1539. --- modules/gallery/helpers/access.php | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index bfe02b3c..4148049a 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -99,15 +99,12 @@ class access_Core { return true; } - /* - We do this for cache reasons - if you check n photos in an album, it makes more sense - to check the album permissions once and let the cache deal with that, rather than check - every item individually and generate cache misses. - */ - $id = ($item->type == 'album') ? $item->id : $item->parent_id; + // Use the nearest parent album (including the current item) so that we take advantage + // of the cache when checking many items in a single album. + $id = ($item->type == "album") ? $item->id : $item->parent_id; $resource = $perm_name == "view" ? $item : model_cache::get("access_cache", $id, "item_id"); - + foreach ($user->groups() as $group) { if ($resource->__get("{$perm_name}_{$group->id}") === access::ALLOW) { return true; 
@@ -143,15 +140,12 @@ class access_Core { * @return boolean */ static function group_can($group, $perm_name, $item) { - /* - We do this for cache reasons - if you check n photos in an album, it makes more sense - to check the album permissions once and let the cache deal with that, rather than check - every item individually and generate cache misses. - */ - $id = ($item->type == 'album') ? $item->id : $item->parent_id; + // Use the nearest parent album (including the current item) so that we take advantage + // of the cache when checking many items in a single album. + $id = ($item->type == "album") ? $item->id : $item->parent_id; $resource = $perm_name == "view" ? $item : model_cache::get("access_cache", $id, "item_id"); - + return $resource->__get("{$perm_name}_{$group->id}") === access::ALLOW; } -- cgit v1.2.3 From b6c202d572a2abd5fdd0205bc4d0127d3291ec24 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 16 Dec 2010 22:18:04 -0800 Subject: Swap the order of the CSS and JS for performance. Fixes #1540. --- modules/gallery/libraries/Admin_View.php | 2 +- modules/gallery/libraries/Theme_View.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/libraries/Admin_View.php b/modules/gallery/libraries/Admin_View.php index 88d86a7d..74ed4fb3 100644 --- a/modules/gallery/libraries/Admin_View.php +++ b/modules/gallery/libraries/Admin_View.php @@ -93,8 +93,8 @@ class Admin_View_Core extends Gallery_View { } if ($function == "admin_head") { - array_unshift($blocks, $this->combine_files($this->css, "css")); array_unshift($blocks, $this->combine_files($this->scripts, "javascript")); + array_unshift($blocks, $this->combine_files($this->css, "css")); } if (Session::instance()->get("debug")) { diff --git a/modules/gallery/libraries/Theme_View.php b/modules/gallery/libraries/Theme_View.php index 7a6bc1da..d22bb03a 100644 --- a/modules/gallery/libraries/Theme_View.php 
+++ b/modules/gallery/libraries/Theme_View.php @@ -284,8 +284,8 @@ class Theme_View_Core extends Gallery_View { if ($function == "head") { // Merge the theme CSS/JS at the end $this->css = array_merge($this->css, $save_css); - array_unshift($blocks, $this->combine_files($this->css, "css")); array_unshift($blocks, $this->combine_files($this->scripts, "javascript")); + array_unshift($blocks, $this->combine_files($this->css, "css")); } if (Session::instance()->get("debug")) { -- cgit v1.2.3 From e60edcdeba577e8cdbdbbc700cb3dfe9d0dd9443 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 17 Dec 2010 17:30:00 -0800 Subject: Include the root in the tree output. --- modules/gallery/helpers/tree_rest.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/tree_rest.php b/modules/gallery/helpers/tree_rest.php index 616bebe3..21928cbe 100644 --- a/modules/gallery/helpers/tree_rest.php +++ b/modules/gallery/helpers/tree_rest.php @@ -59,7 +59,8 @@ class tree_rest_Core { $query_params[] = "fields={$p->fields}"; } - $entity = array(); + $entity = array(array("url" => rest::url("item", $item), + "entity" => $item->as_restful_array($fields))); $members = array(); foreach ($item->viewable()->descendants(null, null, $where) as $child) { $entity[] = array("url" => rest::url("item", $child), -- cgit v1.2.3 From dbb9b8b1c8ee5395a65b6329c793e7a2c398ef00 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 17 Dec 2010 22:19:46 -0800 Subject: Sort the Admin > Settings menu instead of relying on module activation order. Requires making Menu::get() return a reference. Fixes #1545. --- modules/gallery/helpers/gallery_event.php | 3 +++ modules/gallery/libraries/Admin_View.php | 4 ++++ modules/gallery/libraries/Menu.php | 5 +++-- 3 files changed, 10 insertions(+), 2 deletions(-) (limited to 'modules/gallery') 
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index b59bb9b9..cbb939bb 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -371,6 +371,9 @@ class gallery_event_Core { ->id("admin_menu") ->label(t("Admin"))); module::event("admin_menu", $admin_menu, $theme); + + $settings_menu = $admin_menu->get("settings_menu"); + sort($settings_menu->elements); } } } diff --git a/modules/gallery/libraries/Admin_View.php b/modules/gallery/libraries/Admin_View.php index 74ed4fb3..11f8ad14 100644 --- a/modules/gallery/libraries/Admin_View.php +++ b/modules/gallery/libraries/Admin_View.php @@ -44,6 +44,10 @@ class Admin_View_Core extends Gallery_View { public function admin_menu() { $menu = Menu::factory("root"); module::event("admin_menu", $menu, $this); + + $settings_menu = $menu->get("settings_menu"); + sort($settings_menu->elements); + return $menu->render(); } diff --git a/modules/gallery/libraries/Menu.php b/modules/gallery/libraries/Menu.php index 3ad6ebef..58852a72 100644 --- a/modules/gallery/libraries/Menu.php +++ b/modules/gallery/libraries/Menu.php @@ -223,12 +223,13 @@ class Menu_Core extends Menu_Element { /** * Retrieve a Menu_Element by id */ - public function get($id) { + public function &get($id) { if (array_key_exists($id, $this->elements)) { return $this->elements[$id]; } - return null; + $null = null; + return $null; } public function is_empty() { -- cgit v1.2.3 From 612ddd7050889974fc1f7e449e715b4c1129c0bb Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 18 Dec 2010 11:55:04 -0800 Subject: Warn admins after login if their PHP install has the session.use_trans_sid feature enabled, since this will cause random logouts. Partial fix for #1316. --- modules/gallery/helpers/gallery_event.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'modules/gallery') 
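Review bot: `sort($settings_menu->elements)` re-indexes the array with numeric keys, while `Menu::get()` in this same commit looks elements up with `array_key_exists($id, $this->elements)`, so after sorting the settings entries can no longer be found by id. It also orders the elements by PHP's generic object comparison rather than by an explicit key such as the label. `get()` returns null when there is no `settings_menu`, and the next line then dereferences it. I would guard the call with `if ($settings_menu)` and replace `sort()` with `uasort()` and a small comparator on the element labels, which keeps the keys. The same two lines appear in both gallery_event.php and Admin_View.php.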
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index cbb939bb..5d3ee6ee 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -178,6 +178,10 @@ class gallery_event_Core { } Session::instance()->set("active_auth_timestamp", time()); auth::clear_failed_attempts($user); + + if ($user->admin && ini_get("session.use_trans_sid")) { + message::info(t("PHP is configured with session.use_trans_sid enabled which will cause random logouts. Please disable this setting.", array("url" => "http://www.php.net/manual/en/session.configuration.php#ini.session.use-trans-sid"))); + } } static function user_auth_failed($name) { -- cgit v1.2.3 From 48640005a4edac955d9087f62fed1ab5f756b686 Mon Sep 17 00:00:00 2001 From: Kriss Andsten Date: Tue, 21 Dec 2010 09:03:46 +0800 Subject: Packaging + tests of Bharat's find_by_path routine. --- modules/gallery/helpers/item.php | 25 +++++++++++++++- modules/gallery/tests/Item_Helper_Test.php | 48 ++++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+), 1 deletion(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index 664da812..dbad59b9 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -208,7 +208,30 @@ class item_Core { return $model; } - + + static function find_by_path($path) { + $path = trim($path, '/'); + + // The root path name is NULL, not '', hence this workaround. + if ($path == '') { + return ORM::factory("item", 1); + } + + $paths = explode("/", $path); + $count = count($paths); + foreach (ORM::factory("item") + ->where('name', '=', $paths[$count - 1]) + ->where('level', '=', $count + 1) + ->find_all() as $item) { + if (urldecode($item->relative_path()) == $path) { + return $item; + } + } + + return false; + } + + /** * Return the root Item_Model * @return Item_Model 
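Review bot: The new warning describes `session.use_trans_sid` only as a cause of random logouts, but the setting also places the session id in URLs, where it can end up in Referer headers, server logs and shared links. I would extend the message with a short clause such as "and exposes session ids in URLs" so administrators treat it as a security setting as well as a reliability one. The check sits behind `$user->admin`, which keeps the message away from ordinary users.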
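Review bot: `find_by_path()` queries `ORM::factory("item")` without `->viewable()` and performs no access check, so it returns an item for any path that exists, whatever the current user is allowed to see; the `rand_key` query further down this helper does restrict itself with `viewable()`. Either add `->viewable()` to the query or add a docblock saying that callers must run `access::required("view", $item)` on the result. The function returns `false` on a miss, so a caller that chains `->id` on the result needs to check for that first; the docblock should state the return type as item or false.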
diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index 26db5a63..1fced654 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php @@ -125,4 +125,52 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_same($photo2->id, $album->album_cover_item_id); $this->assert_same($photo2->id, $parent->album_cover_item_id); } + + public function find_by_path_does_the_right_thing_test() { + $level1 = test::random_album(); + $level2 = test::random_album($level1); + $level3 = test::random_photo($level2); + $level3->name = 'same.jpg'; + $level3->save(); + + $level2b = test::random_album($level1); + $level3b = test::random_photo($level2b); + $level3b->name = 'same.jpg'; + $level3b->save(); + + // Item in album + $this->assert_same( + item::find_by_path('/' . $level1->name . '/' . $level2->name . '/' . $level3->name)->id, + $level3->id); + + // Album, ends with a slash + $this->assert_same( + item::find_by_path($level1->name . '/' . $level2->name . '/')->id, + $level2->id); + + // Album, ends without a slash + $this->assert_same( + item::find_by_path('/' . $level1->name . '/' . $level2->name)->id, + $level2->id); + + // Return root if '' is passed + $this->assert_same( + item::find_by_path('')->id, + "1"); + + // Verify that we don't get confused by the part names + $this->assert_same( + item::find_by_path($level1->name . '/' . $level2->name . '/' . $level3->name)->id, + $level3->id); + + $this->assert_same( + item::find_by_path($level1->name . '/' . $level2b->name . '/' . $level3b->name)->id, + $level3b->id); + + // Verify that we don't get false positives + $this->assert_same( + item::find_by_path('foo/bar/baz'), + false); + + } } -- cgit v1.2.3 From addd384bbdca6a9f066403c1d2919f3e863e072e Mon Sep 17 00:00:00 2001 
From: Kriss Andsten Date: Wed, 22 Dec 2010 07:55:26 +0800 Subject: Minor changes to satisfy the G3 code standards. --- modules/gallery/helpers/item.php | 15 ++++++++++----- modules/gallery/tests/Item_Helper_Test.php | 18 +++++++++--------- 2 files changed, 19 insertions(+), 14 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index dbad59b9..f38d9888 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -208,20 +208,25 @@ class item_Core { return $model; } - + + /** + * Return an item by path. + * @param string $path + * @return object item + */ static function find_by_path($path) { - $path = trim($path, '/'); + $path = trim($path, "/"); // The root path name is NULL, not '', hence this workaround. if ($path == '') { - return ORM::factory("item", 1); + return ORM::factory("item", item::root()); } $paths = explode("/", $path); $count = count($paths); foreach (ORM::factory("item") - ->where('name', '=', $paths[$count - 1]) - ->where('level', '=', $count + 1) + ->where("name", "=", $paths[$count - 1]) + ->where("level", "=", $count + 1) ->find_all() as $item) { if (urldecode($item->relative_path()) == $path) { return $item; diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index 1fced654..4bc64ff0 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php 
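Review bot: `ORM::factory("item", item::root())` passes the object returned by `item::root()`, which the docblock in this file describes as the root Item_Model, as the id argument where the previous line passed the integer `1`. Unless the ORM constructor is meant to accept a model there, this should simply be `return item::root();`. It is a behaviour change inside a commit described as code-standard cleanup, so it is worth a line in the message. `$path == ''` two lines above still uses single quotes and a loose comparison; `$path === ""` matches the style this commit applies elsewhere.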
@@ -130,46 +130,46 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { $level1 = test::random_album(); $level2 = test::random_album($level1); $level3 = test::random_photo($level2); - $level3->name = 'same.jpg'; + $level3->name = "same.jpg"; $level3->save(); $level2b = test::random_album($level1); $level3b = test::random_photo($level2b); - $level3b->name = 'same.jpg'; + $level3b->name = "same.jpg"; $level3b->save(); // Item in album $this->assert_same( - item::find_by_path('/' . $level1->name . '/' . $level2->name . '/' . $level3->name)->id, + item::find_by_path("/" . $level1->name . "/" . $level2->name . "/" . $level3->name)->id, $level3->id); // Album, ends with a slash $this->assert_same( - item::find_by_path($level1->name . '/' . $level2->name . '/')->id, + item::find_by_path($level1->name . "/" . $level2->name . "/")->id, $level2->id); // Album, ends without a slash $this->assert_same( - item::find_by_path('/' . $level1->name . '/' . $level2->name)->id, + item::find_by_path("/" . $level1->name . "/" . $level2->name)->id, $level2->id); // Return root if '' is passed $this->assert_same( - item::find_by_path('')->id, + item::find_by_path("")->id, "1"); // Verify that we don't get confused by the part names $this->assert_same( - item::find_by_path($level1->name . '/' . $level2->name . '/' . $level3->name)->id, + item::find_by_path($level1->name . "/" . $level2->name . "/" . $level3->name)->id, $level3->id); $this->assert_same( - item::find_by_path($level1->name . '/' . $level2b->name . '/' . $level3b->name)->id, + item::find_by_path($level1->name . "/" . $level2b->name . "/" . $level3b->name)->id, $level3b->id); // Verify that we don't get false positives $this->assert_same( - item::find_by_path('foo/bar/baz'), + item::find_by_path("foo/bar/baz"), false); } -- cgit v1.2.3 From c7096cc9ebe4b737c06629b975317aaa9806297f Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Tue, 21 Dec 2010 16:32:02 -0800 Subject: Fix assertion order to be (expected,actual) Change strinct concatenation to be variable interpolation to tighten it up. --- modules/gallery/tests/Item_Helper_Test.php | 47 ++++++++++++++---------------- 1 file changed, 22 insertions(+), 25 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index 4bc64ff0..d60380f0 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php 
@@ -126,51 +126,48 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_same($photo2->id, $parent->album_cover_item_id); } - public function find_by_path_does_the_right_thing_test() { + public function find_by_path_test() { $level1 = test::random_album(); - $level2 = test::random_album($level1); + $level2 = test::random_album($level1); $level3 = test::random_photo($level2); $level3->name = "same.jpg"; $level3->save(); - + $level2b = test::random_album($level1); $level3b = test::random_photo($level2b); $level3b->name = "same.jpg"; $level3b->save(); - + // Item in album $this->assert_same( - item::find_by_path("/" . $level1->name . "/" . $level2->name . "/" . $level3->name)->id, - $level3->id); - + $level3->id, + item::find_by_path("/{$level1->name}/{$level2->name}/{$level3->name}")->id); + // Album, ends with a slash $this->assert_same( - item::find_by_path($level1->name . "/" . $level2->name . "/")->id, - $level2->id); - + $level2->id, + item::find_by_path("{$level1->name}/{$level2->name}/")->id); + // Album, ends without a slash $this->assert_same( - item::find_by_path("/" . $level1->name . "/" . $level2->name)->id, - $level2->id); - - // Return root if '' is passed - $this->assert_same( - item::find_by_path("")->id, - "1"); + $level2->id, + item::find_by_path("/{$level1->name}/{$level2->name}")->id); + + // Return root if "" is passed + $this->assert_same(item::root()->id, item::find_by_path("")->id); // Verify that we don't get confused by the part names $this->assert_same( - item::find_by_path($level1->name . "/" . $level2->name . "/" . $level3->name)->id, - $level3->id); + $level3->id, + item::find_by_path("{$level1->name}/{$level2->name}/{$level3->name}")->id); $this->assert_same( - item::find_by_path($level1->name . "/" . $level2b->name . "/" . 
$level3b->name)->id, - $level3b->id); - + $level3b->id, + item::find_by_path("{$level1->name}/{$level2b->name}/{$level3b->name}")->id); + // Verify that we don't get false positives $this->assert_same( - item::find_by_path("foo/bar/baz"), - false); - + false, + item::find_by_path("foo/bar/baz")); } } -- cgit v1.2.3 From f493130e59f26d41f090c5ca40e95b416b9b154b Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 21 Dec 2010 16:55:01 -0800 Subject: Tighten up item::find_by_path slightly. Augment the tests to cover special characters in the file name ("+" is an edge case differentiator between rawurlencode and urlencode). --- modules/gallery/helpers/item.php | 25 ++++++++++++------------- modules/gallery/tests/Item_Helper_Test.php | 2 +- 2 files changed, 13 insertions(+), 14 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index f38d9888..3596a2bf 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -210,33 +210,32 @@ class item_Core { } /** - * Return an item by path. + * Find an item by its path. If there's no match, return an empty Item_Model. * @param string $path - * @return object item + * @return object Item_Model */ static function find_by_path($path) { $path = trim($path, "/"); - - // The root path name is NULL, not '', hence this workaround. - if ($path == '') { - return ORM::factory("item", item::root()); + + // The root path name is NULL not "", hence this workaround. + if ($path == "") { + return item::root(); } - + $paths = explode("/", $path); - $count = count($paths); foreach (ORM::factory("item") - ->where("name", "=", $paths[$count - 1]) - ->where("level", "=", $count + 1) + ->where("name", "=", end($paths)) + ->where("level", "=", count($paths) + 1) ->find_all() as $item) { if (urldecode($item->relative_path()) == $path) { return $item; } } - + return false; } - - + + /** * Return the root Item_Model * @return Item_Model 
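Review bot: The rewritten docblock of `find_by_path()` says an empty Item_Model is returned when nothing matches, but the context line at the end of the function still reads `return false;`, so within this commit the documentation and the behaviour disagree. A caller that follows the docblock and calls `->loaded()` on the result would fail on a boolean. Either document `@return Item_Model|false` here or change the return value in the same commit. The comparison `$path == ""` can also be `=== ""`, since `trim()` always returns a string.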
diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index d60380f0..4124e453 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php @@ -135,7 +135,7 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { $level2b = test::random_album($level1); $level3b = test::random_photo($level2b); - $level3b->name = "same.jpg"; + $level3b->name = "has spaces+plusses.jpg"; $level3b->save(); // Item in album -- cgit v1.2.3 From 2a08cbf76da0f9984c0e182e6c448b516d8d7db3 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 21 Dec 2010 16:58:54 -0800 Subject: Return an empty Item_Model when item::find_by_path fails --- modules/gallery/helpers/item.php | 2 +- modules/gallery/tests/Item_Helper_Test.php | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index 3596a2bf..08a04ad0 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -232,7 +232,7 @@ class item_Core { } } - return false; + return new Item_Model(); } diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index 4124e453..0aa7504e 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php @@ -166,8 +166,7 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { item::find_by_path("{$level1->name}/{$level2b->name}/{$level3b->name}")->id); // Verify that we don't get false positives - $this->assert_same( - false, - item::find_by_path("foo/bar/baz")); + $this->assert_false( + item::find_by_path("foo/bar/baz")->loaded()); } } -- cgit v1.2.3 From d9299f3b3f4b1a52f5b68399cfcaa96d5b367899 Mon Sep 17 00:00:00 2001 
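Review bot: Returning `new Item_Model()` instead of `false` from `find_by_path()` reverses the truthiness of a miss, so any caller that tests the result with `if ($item)` or `if (!$item)` now treats "not found" as found. The callers are outside this diff; each one should be checked and switched to `$item->loaded()` before a permission decision is made on the result. The rest of the function obtains models through `ORM::factory("item")`, and using that here as well would keep construction consistent.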
From: Bharat Mediratta Date: Tue, 21 Dec 2010 19:33:47 -0800 Subject: Change item::find_by_path() to check the relative_path_cache first, and only fall back the name/level comparison if there's no cached entry. Update tests accordingly. --- modules/gallery/helpers/item.php | 16 ++++++++++++++++ modules/gallery/tests/Item_Helper_Test.php | 20 ++++++++++++++++---- 2 files changed, 32 insertions(+), 4 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index 08a04ad0..bac189f4 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -211,6 +211,7 @@ class item_Core { /** * Find an item by its path. If there's no match, return an empty Item_Model. + * NOTE: the caller is responsible for performing security checks on the resulting item. * @param string $path * @return object Item_Model */ @@ -222,6 +223,21 @@ class item_Core { return item::root(); } + // Check to see if there's an item in the database with a matching relative_path_cache value. + // Since that field is urlencoded, we must urlencoded the components of the path. + foreach (explode("/", $path) as $part) { + $encoded_array[] = rawurlencode($part); + } + $encoded_path = join("/", $encoded_array); + $item = ORM::factory("item") + ->where("relative_path_cache", "=", $encoded_path) + ->find(); + if ($item->loaded()) { + return $item; + } + + // Since the relative_path_cache field is a cache, it can be unavailable. If we don't find + // anything, fall back to checking the path the hard way. $paths = explode("/", $path); foreach (ORM::factory("item") ->where("name", "=", end($paths)) diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index 0aa7504e..13ecec2b 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php 
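Review bot: `$encoded_array` is appended to in the new loop without being initialised, and `explode("/", $path)` is evaluated again a few lines later for the fallback. Building both from one split keeps the cache lookup and the fallback in step: `$paths = explode("/", $path);` followed by `$encoded_path = join("/", array_map("rawurlencode", $paths));`. The comment describes relative_path_cache as a cache that can be unavailable; it should also say whether a stale entry is possible, because the cached row is returned without being compared to the item's current path and callers run their access check on whatever item comes back.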
@@ -129,14 +129,21 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { public function find_by_path_test() { $level1 = test::random_album(); $level2 = test::random_album($level1); - $level3 = test::random_photo($level2); + $level3 = test::random_photo_unsaved($level2); $level3->name = "same.jpg"; - $level3->save(); + $level3->save()->reload(); $level2b = test::random_album($level1); - $level3b = test::random_photo($level2b); + $level3b = test::random_photo_unsaved($level2b); $level3b->name = "has spaces+plusses.jpg"; - $level3b->save(); + $level3b->save()->reload(); + + // Make sure that some of the calls below use the fallback code. + db::build() + ->update("items") + ->set(array("relative_url_cache" => null, "relative_path_cache" => null)) + ->where("id", "IN", array($level3->id, $level3b->id)) + ->execute(); // Item in album $this->assert_same( @@ -168,5 +175,10 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { // Verify that we don't get false positives $this->assert_false( item::find_by_path("foo/bar/baz")->loaded()); + + // Verify that the fallback code works + $this->assert_same( + $level3b->id, + item::find_by_path("{$level1->name}/{$level2b->name}/{$level3b->name}")->id); } } -- cgit v1.2.3 From c5ede5881bfdc0544e1ab59984dad7e7dc20a6ac Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 21 Dec 2010 19:36:23 -0800 Subject: Updated to use the new item::find_by_path() API. --- modules/gallery/controllers/file_proxy.php | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index b17310c4..22854fbd 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php 
@@ -56,28 +56,16 @@ class File_Proxy_Controller extends Controller { // If the last element is .album.jpg, pop that off since it's not a real item $path = preg_replace("|/.album.jpg$|", "", $path); - $encoded_path = array(); - foreach (explode("/", $path) as $path_part) { - $encoded_path[] = rawurlencode($path_part); - } - $encoded_path = implode("/", $encoded_path); - // We now have the relative path to the item. Search for it in the path cache - // The patch cache is urlencoded so re-encode the path. (it was decoded earlier to - // insure that the paths are normalized. - $item = ORM::factory("item") - ->where("relative_path_cache", "=", $encoded_path)->find(); - if (!$item->loaded()) { - // We didn't turn it up. It's possible that the relative_path_cache is out of date here. - // There was fallback code, but bharat deleted it in 8f1bca74. If it turns out to be - // necessary, it's easily resurrected. - // If we're looking for a .jpg then it's it's possible that we're requesting the thumbnail - // for a movie. In that case, the .flv, .mp4 or .m4v file would have been converted to a - // .jpg. So try some alternate types: + $item = item::find_by_path($path); + if (!$item->loaded()) { + // We didn't turn it up. If we're looking for a .jpg then it's it's possible that we're + // requesting the thumbnail for a movie. In that case, the .flv, .mp4 or .m4v file would + // have been converted to a .jpg. So try some alternate types: if (preg_match('/.jpg$/', $path)) { foreach (array("flv", "mp4", "m4v") as $ext) { - $movie_path = preg_replace('/.jpg$/', ".$ext", $encoded_path); - $item = ORM::factory("item")->where("relative_path_cache", "=", $movie_path)->find(); + $movie_path = preg_replace('/.jpg$/', ".$ext", $path); + $item = item::find_by_path($movie_path); if ($item->loaded()) { break; } -- cgit v1.2.3 From 98fd1e9957ff0d65d1bbb0eaa2df6c1e59487b25 Mon Sep 17 00:00:00 2001 
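Review bot: The added `preg_replace('/.jpg$/', ".$ext", $path)` uses an unescaped dot, so it matches any character followed by `jpg` at the end of the path rather than only the `.jpg` extension; the unchanged `preg_match('/.jpg$/', $path)` guard above it has the same problem. `'/\.jpg$/'` in both places restricts the movie-thumbnail fallback to real `.jpg` requests. A miss now goes through `item::find_by_path()` up to four times, and that helper documents that the caller must perform the security checks. The permission check on `$item` is outside this hunk, so confirm it still runs after the movie fallback reassigns `$item`.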
From: Bharat Mediratta Date: Tue, 21 Dec 2010 20:47:07 -0800 Subject: Implement item::find_by_relative_url with tests. --- modules/gallery/helpers/item.php | 26 +++++++++++ modules/gallery/tests/Item_Helper_Test.php | 70 +++++++++++++++++++++++++----- 2 files changed, 86 insertions(+), 10 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index bac189f4..29dd8603 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -252,6 +252,32 @@ class item_Core { } + /** + * Locate an item using the URL. We assume that the url is in the form /a/b/c where each + * component matches up with an item slug. If there's no match, return an empty Item_Model + * NOTE: the caller is responsible for performing security checks on the resulting item. + * @param string $url the relative url fragment + * @return Item_Model + */ + static function find_by_relative_url($relative_url) { + // In most cases, we'll have an exact match in the relative_url_cache item field. + // but failing that, walk down the tree until we find it. The fallback code will fix caches + // as it goes, so it'll never be run frequently. + $item = ORM::factory("item")->where("relative_url_cache", "=", $relative_url)->find(); + if (!$item->loaded()) { + $segments = explode("/", $relative_url); + foreach (ORM::factory("item") + ->where("slug", "=", end($segments)) + ->where("level", "=", count($segments) + 1) + ->find_all() as $match) { + if ($match->relative_url() == $relative_url) { + $item = $match; + } + } + } + return $item; + } + /** * Return the root Item_Model * @return Item_Model diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index 13ecec2b..42acfb18 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php 
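Review bot: The docblock of `find_by_relative_url()` documents `@param string $url` while the parameter is `$relative_url`, and it describes the input as `/a/b/c` although the tests added in this commit pass `a/b/c` with no leading slash. Unlike `find_by_path()`, nothing trims slashes here, so a leading slash would add an empty segment and shift the `level` condition in the fallback; the docblock should read `@param string $relative_url the relative url fragment, without leading or trailing slash`. In the fallback loop `$item = $match;` is not followed by `break;`, so `relative_url()` keeps being called on the remaining candidates after a match.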
@@ -128,23 +128,19 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { public function find_by_path_test() { $level1 = test::random_album(); - $level2 = test::random_album($level1); + $level2 = test::random_album_unsaved($level1); + $level2->name = "plus + space"; + $level2->save()->reload(); + $level3 = test::random_photo_unsaved($level2); $level3->name = "same.jpg"; $level3->save()->reload(); $level2b = test::random_album($level1); $level3b = test::random_photo_unsaved($level2b); - $level3b->name = "has spaces+plusses.jpg"; + $level3b->name = "same.jpg"; $level3b->save()->reload(); - // Make sure that some of the calls below use the fallback code. - db::build() - ->update("items") - ->set(array("relative_url_cache" => null, "relative_path_cache" => null)) - ->where("id", "IN", array($level3->id, $level3b->id)) - ->execute(); - // Item in album $this->assert_same( $level3->id, @@ -163,7 +159,12 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { // Return root if "" is passed $this->assert_same(item::root()->id, item::find_by_path("")->id); - // Verify that we don't get confused by the part names + // Verify that we don't get confused by the part names, using the fallback code. + db::build() + ->update("items") + ->set(array("relative_path_cache" => null)) + ->where("id", "IN", array($level3->id, $level3b->id)) + ->execute(); $this->assert_same( $level3->id, item::find_by_path("{$level1->name}/{$level2->name}/{$level3->name}")->id); 
@@ -181,4 +182,53 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { $level3b->id, item::find_by_path("{$level1->name}/{$level2b->name}/{$level3b->name}")->id); } + + public function find_by_relative_url_test() { + $level1 = test::random_album(); + $level2 = test::random_album($level1); + $level3 = test::random_photo_unsaved($level2); + $level3->slug = "same"; + $level3->save()->reload(); + + $level2b = test::random_album($level1); + $level3b = test::random_photo_unsaved($level2b); + $level3b->slug = "same"; + $level3b->save()->reload(); + + // Item in album + $this->assert_same( + $level3->id, + item::find_by_relative_url("{$level1->slug}/{$level2->slug}/{$level3->slug}")->id); + + // Album, ends without a slash + $this->assert_same( + $level2->id, + item::find_by_relative_url("{$level1->slug}/{$level2->slug}")->id); + + // Return root if "" is passed + $this->assert_same(item::root()->id, item::find_by_relative_url("")->id); + + // Verify that we don't get confused by the part slugs, using the fallback code. + db::build() + ->update("items") + ->set(array("relative_url_cache" => null)) + ->where("id", "IN", array($level3->id, $level3b->id)) + ->execute(); + $this->assert_same( + $level3->id, + item::find_by_relative_url("{$level1->slug}/{$level2->slug}/{$level3->slug}")->id); + + $this->assert_same( + $level3b->id, + item::find_by_relative_url("{$level1->slug}/{$level2b->slug}/{$level3b->slug}")->id); + + // Verify that we don't get false positives + $this->assert_false( + item::find_by_relative_url("foo/bar/baz")->loaded()); + + // Verify that the fallback code works + $this->assert_same( + $level3b->id, + item::find_by_relative_url("{$level1->slug}/{$level2b->slug}/{$level3b->slug}")->id); + } } -- cgit v1.2.3 From 032e6fde5f99c3150a4ae70e410ce314d8c3877a Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Tue, 21 Dec 2010 20:47:14 -0800 Subject: Change MY_url::parse_url to use item::find_by_relative_url. --- modules/gallery/helpers/MY_url.php | 28 +--------------------------- 1 file changed, 1 insertion(+), 27 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/MY_url.php b/modules/gallery/helpers/MY_url.php index d3ab1b4d..8ac26602 100644 --- a/modules/gallery/helpers/MY_url.php +++ b/modules/gallery/helpers/MY_url.php @@ -31,7 +31,7 @@ class url extends url_Core { return; } - $item = self::get_item_from_uri(Router::$current_uri); + $item = item::find_by_relative_url(html_entity_decode(Router::$current_uri, ENT_QUOTES)); if ($item && $item->loaded()) { Router::$controller = "{$item->type}s"; Router::$controller_path = MODPATH . "gallery/controllers/{$item->type}s.php"; @@ -40,32 +40,6 @@ class url extends url_Core { } } - /** - * Locate an item using the URI. We assume that the uri is in the form /a/b/c where each - * component matches up with an item slug. - * @param string $uri the uri fragment - * @return Item_Model - */ - static function get_item_from_uri($uri) { - $current_uri = html_entity_decode($uri, ENT_QUOTES); - // In most cases, we'll have an exact match in the relative_url_cache item field. - // but failing that, walk down the tree until we find it. The fallback code will fix caches - // as it goes, so it'll never be run frequently. - $item = ORM::factory("item")->where("relative_url_cache", "=", $current_uri)->find(); - if (!$item->loaded()) { - $count = count(Router::$segments); - foreach (ORM::factory("item") - ->where("slug", "=", html_entity_decode(Router::$segments[$count - 1], ENT_QUOTES)) - ->where("level", "=", $count + 1) - ->find_all() as $match) { - if ($match->relative_url() == $current_uri) { - $item = $match; - } - } - } - return $item; - } - /** * Just like url::file() except that it returns an absolute URI */ -- cgit v1.2.3 
From 2b83918efd387dac1b86667a6c9027758dd4dbef Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 23 Dec 2010 23:16:30 -0800 Subject: Fix PHPDoc for composite(). --- modules/gallery/helpers/gallery_graphics.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/gallery_graphics.php b/modules/gallery/helpers/gallery_graphics.php index 6038a95b..fca18076 100644 --- a/modules/gallery/helpers/gallery_graphics.php +++ b/modules/gallery/helpers/gallery_graphics.php @@ -75,7 +75,7 @@ class gallery_graphics_Core { /** * Overlay an image on top of the input file. * - * Valid options are: file, mime_type, position, transparency_percent, padding + * Valid options are: file, position, transparency, padding * * Valid positions: northwest, north, northeast, * west, center, east, -- cgit v1.2.3 From b5ba61fc53e44d55978dd0d35ada80da4c47715d Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 23 Dec 2010 23:34:04 -0800 Subject: Create a way for controllers to exempty themselves from maintenance mode and private gallery mode by setting the following constants in the controller to true. ALLOW_MAINTENANCE_MODE ALLOW_PRIVATE_GALLERY Fixes #1411 and the subsequent refactoring fixes #1551 as well. --- modules/digibug/controllers/digibug.php | 2 + modules/gallery/controllers/combined.php | 3 ++ modules/gallery/controllers/login.php | 2 + modules/gallery/helpers/gallery.php | 68 ++++++++++++++++++-------------- modules/rest/controllers/rest.php | 2 + 5 files changed, 48 insertions(+), 29 deletions(-) (limited to 'modules/gallery') diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php index bc0c7c5e..22bbe1a6 100644 --- a/modules/digibug/controllers/digibug.php +++ b/modules/digibug/controllers/digibug.php 
@@ -18,6 +18,8 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class Digibug_Controller extends Controller { + const ALLOW_PRIVATE_GALLERY = true; + public function print_photo($id) { access::verify_csrf(); $item = ORM::factory("item", $id); diff --git a/modules/gallery/controllers/combined.php b/modules/gallery/controllers/combined.php index 4b1a342a..64f8d22b 100644 --- a/modules/gallery/controllers/combined.php +++ b/modules/gallery/controllers/combined.php @@ -18,6 +18,9 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class Combined_Controller extends Controller { + const ALLOW_MAINTENANCE_MODE = true; + const ALLOW_PRIVATE_GALLERY = true; + /** * Return the combined Javascript bundle associated with the given key. */ diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php index 62d33345..adb2e50b 100644 --- a/modules/gallery/controllers/login.php +++ b/modules/gallery/controllers/login.php @@ -18,6 +18,8 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class Login_Controller extends Controller { + const ALLOW_MAINTENANCE_MODE = true; + const ALLOW_PRIVATE_GALLERY = true; public function ajax() { $view = new View("login_ajax.html"); diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php index 2bb55ccb..69aabc4f 100644 --- a/modules/gallery/helpers/gallery.php +++ b/modules/gallery/helpers/gallery.php 
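Review bot: `const ALLOW_PRIVATE_GALLERY = true;` on Digibug_Controller, and the same constants on Combined_Controller, Login_Controller and Rest_Controller in this commit, exempt every action of the controller from the private-gallery or maintenance redirect, and nothing at the declaration says so. A short comment above each constant, for example `// Exempt from gallery::private_gallery(); every action here must enforce its own access checks`, would make that obligation visible to whoever adds the next action. In the visible context `print_photo($id)` loads the item directly from `$id`; the rest of the method is outside the hunk, so whether it checks view permission cannot be told from here.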
@@ -25,18 +25,27 @@ class gallery_Core { * down for maintenance" page. */ static function maintenance_mode() { - // @todo: we need a mechanism here to identify controllers that are still legally accessible - // when the entire Gallery is in maintenance mode. Perhaps a controller class function or - // method? - // https://sourceforge.net/apps/trac/gallery/ticket/1411 - if (Router::$controller != "login" && - Router::$controller != "combined" && - module::get_var("gallery", "maintenance_mode", 0) && + if (module::get_var("gallery", "maintenance_mode", 0) && !identity::active_user()->admin) { - Session::instance()->set("continue_url", url::abs_site("admin/maintenance")); - Router::$controller = "login"; - Router::$controller_path = MODPATH . "gallery/controllers/login.php"; - Router::$method = "html"; + try { + $class = new ReflectionClass(ucfirst(Router::$controller).'_Controller'); + $allowed = $class->getConstant("ALLOW_MAINTENANCE_MODE") === true; + } catch (ReflectionClass $e) { + $allowed = false; + } + if (!$allowed) { + if (Router::$controller == "admin") { + // At this point we're in the admin theme and it doesn't have a themed login page, so + // we can't just swap in the login controller and have it work. So redirect back to the + // root item where we'll run this code again with the site theme. + url::redirect(item::root()->abs_url()); + } else { + Session::instance()->set("continue_url", url::abs_site("admin/maintenance")); + Router::$controller = "login"; + Router::$controller_path = MODPATH . "gallery/controllers/login.php"; + Router::$method = "html"; + } + } } } 
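Review bot: `catch (ReflectionClass $e)` in `maintenance_mode()` names the reflection class rather than an exception type, so it can never match. When `Router::$controller` does not resolve to a class, `new ReflectionClass(...)` throws ReflectionException, which propagates uncaught instead of setting `$allowed = false`. The line should be `} catch (ReflectionException $e) {`, and the identical block in `private_gallery()` in the next hunk needs the same change. Both functions now repeat the same lookup; a small private helper taking the constant name would keep the two gates from drifting apart.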
@@ -45,26 +54,27 @@ class gallery_Core { * the login page. */ static function private_gallery() { - // @todo: we need a mechanism here to identify controllers that are still legally accessible - // when the entire Gallery is private. Perhaps a controller class function or method? - // https://sourceforge.net/apps/trac/gallery/ticket/1411 - if (Router::$controller != "login" && - Router::$controller != "combined" && - Router::$controller != "digibug" && - Router::$controller != "rest" && - identity::active_user()->guest && + if (identity::active_user()->guest && !access::user_can(identity::guest(), "view", item::root()) && php_sapi_name() != "cli") { - if (Router::$controller == "admin") { - // At this point we're in the admin theme and it doesn't have a themed login page, so - // we can't just swap in the login controller and have it work. So redirect back to the - // root item where we'll run this code again with the site theme. - url::redirect(item::root()->abs_url()); - } else { - Session::instance()->set("continue_url", url::abs_current()); - Router::$controller = "login"; - Router::$controller_path = MODPATH . "gallery/controllers/login.php"; - Router::$method = "html"; + try { + $class = new ReflectionClass(ucfirst(Router::$controller).'_Controller'); + $allowed = $class->getConstant("ALLOW_PRIVATE_GALLERY") === true; + } catch (ReflectionClass $e) { + $allowed = false; + } + if (!$allowed) { + if (Router::$controller == "admin") { + // At this point we're in the admin theme and it doesn't have a themed login page, so + // we can't just swap in the login controller and have it work. So redirect back to the + // root item where we'll run this code again with the site theme. + url::redirect(item::root()->abs_url()); + } else { + Session::instance()->set("continue_url", url::abs_current()); + Router::$controller = "login"; + Router::$controller_path = MODPATH . "gallery/controllers/login.php"; + Router::$method = "html"; + } } } } 
diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php index c4e0fda4..00c7cda2 100644 --- a/modules/rest/controllers/rest.php +++ b/modules/rest/controllers/rest.php @@ -18,6 +18,8 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class Rest_Controller extends Controller { + const ALLOW_PRIVATE_GALLERY = true; + public function index() { $username = Input::instance()->post("user"); $password = Input::instance()->post("password"); -- cgit v1.2.3 From 11df9f204f110ebb1a82e851a668bbaa4b7560ee Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 24 Dec 2010 01:10:17 -0800 Subject: Added Croatian as hr_HR. Fixes #1514. --- modules/gallery/helpers/locales.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/locales.php b/modules/gallery/helpers/locales.php index 565e9da8..d06bb319 100644 --- a/modules/gallery/helpers/locales.php +++ b/modules/gallery/helpers/locales.php @@ -64,6 +64,7 @@ class locales_Core { // @todo Might want to add a localizable language name as well. // ref: http://cldr.unicode.org/ // ref: http://cldr.unicode.org/index/cldr-spec/picking-the-right-language-code + // ref: http://unicode.org/repos/cldr-tmp/trunk/diff/supplemental/likely_subtags.html private static function _init_language_data() { $l["af_ZA"] = "Afrikaans"; // Afrikaans $l["ar_SA"] = "العربية"; // Arabic @@ -88,6 +89,7 @@ class locales_Core { $l["fr_FR"] = "Français"; // French $l["ga_IE"] = "Gaeilge"; // Irish $l["he_IL"] = "עברית"; // Hebrew + $l["hr_HR"] = "hr̀vātskī"; // Croatian $l["hu_HU"] = "Magyar"; // Hungarian $l["is_IS"] = "Icelandic"; // Icelandic $l["it_IT"] = "Italiano"; // Italian -- cgit v1.2.3 From 5d37d529b060fea06bae68c664bc91b00297bae6 Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Tue, 28 Dec 2010 21:56:31 -0800 Subject: Update golden file to reflect the change in c989981041e66e336f1410b651173305ab184aba for #1520. --- modules/gallery/tests/xss_data.txt | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 7c5e803d..366391cf 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt 
@@ -399,17 +399,19 @@ themes/wind/views/dynamic.html.php 29 DIRTY $theme themes/wind/views/movie.html.php 5 DIRTY $theme->paginator() themes/wind/views/movie.html.php 9 DIRTY $item->movie_img(array("class"=>"g-movie","id"=>"g-item-id-{$item->id}")) themes/wind/views/page.html.php 9 DIRTY $page_title -themes/wind/views/page.html.php 32 DIRTY_JS $theme->url() -themes/wind/views/page.html.php 41 DIRTY $new_width -themes/wind/views/page.html.php 42 DIRTY $new_height -themes/wind/views/page.html.php 43 DIRTY $thumb_proportion -themes/wind/views/page.html.php 80 DIRTY $header_text -themes/wind/views/page.html.php 82 DIRTY_JS item::root()->url() -themes/wind/views/page.html.php 86 DIRTY $theme->user_menu() -themes/wind/views/page.html.php 107 DIRTY_JS $parent->url($parent->id==$theme->item()->parent_id?"show={$theme->item()->id}":null) -themes/wind/views/page.html.php 128 DIRTY $content -themes/wind/views/page.html.php 134 DIRTY newView("sidebar.html") -themes/wind/views/page.html.php 141 DIRTY $footer_text +themes/wind/views/page.html.php 12 DIRTY $theme->item()->title +themes/wind/views/page.html.php 16 DIRTY item::root()->title +themes/wind/views/page.html.php 26 DIRTY_JS $theme->url() +themes/wind/views/page.html.php 35 DIRTY $new_width +themes/wind/views/page.html.php 36 DIRTY $new_height +themes/wind/views/page.html.php 37 DIRTY $thumb_proportion +themes/wind/views/page.html.php 74 DIRTY $header_text +themes/wind/views/page.html.php 76 DIRTY_JS item::root()->url() +themes/wind/views/page.html.php 80 DIRTY $theme->user_menu() +themes/wind/views/page.html.php 101 DIRTY_JS $parent->url($parent->id==$theme->item()->parent_id?"show={$theme->item()->id}":null) +themes/wind/views/page.html.php 122 DIRTY $content +themes/wind/views/page.html.php 128 DIRTY newView("sidebar.html") +themes/wind/views/page.html.php 135 DIRTY $footer_text themes/wind/views/paginator.html.php 33 DIRTY_JS $first_page_url themes/wind/views/paginator.html.php 42 DIRTY_JS $previous_page_url 
themes/wind/views/paginator.html.php 70 DIRTY_JS $next_page_url -- cgit v1.2.3 From 9f3c6e4bee9f2ccae04b7b241c07845b9f233cfd Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 28 Dec 2010 22:00:25 -0800 Subject: Update test to match change in Item_Model::as_restful_array made in 7e31f97b4cbc5cf1894611de1e9de7a3efc6ad50 for #1536. --- modules/gallery/tests/Item_Model_Test.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 4987d2f9..0554c0e2 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -362,11 +362,11 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { } public function as_restful_array_with_edit_bit_test() { - $response = item::root()->as_restful_array(true); + $response = item::root()->as_restful_array(); $this->assert_true($response["can_edit"]); identity::set_active_user(identity::guest()); - $response = item::root()->as_restful_array(true); + $response = item::root()->as_restful_array(); $this->assert_false($response["can_edit"]); } -- cgit v1.2.3 From b42fcb9cda4dafdb9db86770f54965b3fb2fc7ab Mon Sep 17 00:00:00 2001 
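Review bot: The two entries added for page.html.php lines 12 and 16 baseline `$theme->item()->title` and `item::root()->title` as DIRTY, and item titles are presumably user-editable. The legend for DIRTY is not on this page, but if it marks output that does not pass through an escaping helper, the golden file should not simply absorb these two. Either escape the titles for their HTML context in the view, or record next to this update why the raw output is safe. The other changed lines are the same expressions with their line numbers shifted by six.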
From: Bharat Mediratta Date: Tue, 28 Dec 2010 23:10:05 -0800 Subject: Use db::expr instead of "new Database_Expression". Resolves #1560. --- .../comment/controllers/admin_manage_comments.php | 2 +- modules/digibug/controllers/digibug.php | 2 +- modules/gallery/controllers/admin_maintenance.php | 2 +- modules/gallery/helpers/gallery_installer.php | 6 +++--- modules/gallery/helpers/gallery_task.php | 6 +++--- modules/gallery/helpers/module.php | 2 +- modules/gallery/libraries/ORM_MPTT.php | 22 +++++++++++----------- modules/gallery/tests/Gallery_Installer_Test.php | 2 +- modules/notification/helpers/notification.php | 2 +- modules/tag/helpers/tag.php | 2 +- 10 files changed, 24 insertions(+), 24 deletions(-) (limited to 'modules/gallery') diff --git a/modules/comment/controllers/admin_manage_comments.php b/modules/comment/controllers/admin_manage_comments.php index 49bd85d5..ec876fc4 100644 --- a/modules/comment/controllers/admin_manage_comments.php +++ b/modules/comment/controllers/admin_manage_comments.php @@ -25,7 +25,7 @@ class Admin_Manage_Comments_Controller extends Admin_Controller { db::build() ->delete("comments") ->where("state", "IN", array("deleted", "spam")) - ->where("updated", "<", new Database_Expression("UNIX_TIMESTAMP() - 86400 * 7")) + ->where("updated", "<", db::expr("UNIX_TIMESTAMP() - 86400 * 7")) ->execute(); // Redirect to the appropriate queue diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php index 22bbe1a6..c48e3e87 100644 --- a/modules/digibug/controllers/digibug.php +++ b/modules/digibug/controllers/digibug.php @@ -114,7 +114,7 @@ class Digibug_Controller extends Controller { private function _clean_expired() { db::build() ->delete("digibug_proxies") - ->where("request_date", "<=", new Database_Expression("(CURDATE() - INTERVAL 10 DAY)")) + ->where("request_date", "<=", db::expr("(CURDATE() - INTERVAL 10 DAY)")) ->limit(20) ->execute(); } 
diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php index 7729d797..80247a0f 100644 --- a/modules/gallery/controllers/admin_maintenance.php +++ b/modules/gallery/controllers/admin_maintenance.php @@ -27,7 +27,7 @@ class Admin_Maintenance_Controller extends Admin_Controller { ->set("state", "stalled") ->where("done", "=", 0) ->where("state", "<>", "stalled") - ->where(new Database_Expression("UNIX_TIMESTAMP(NOW()) - `updated` > 15")) + ->where(db::expr("UNIX_TIMESTAMP(NOW()) - `updated` > 15")) ->execute(); $stalled_count = $query->count(); if ($stalled_count) { diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index a6b8e6a2..fb7933f7 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -503,7 +503,7 @@ class gallery_installer { foreach (db::build() ->from("items") ->select("id", "slug") - ->where(new Database_Expression("`slug` REGEXP '[^_A-Za-z0-9-]'"), "=", 1) + ->where(db::expr("`slug` REGEXP '[^_A-Za-z0-9-]'"), "=", 1) ->execute() as $row) { $new_slug = item::convert_filename_to_slug($row->slug); if (empty($new_slug)) { @@ -540,7 +540,7 @@ class gallery_installer { if ($version == 25) { db::build() ->update("items") - ->set("title", new Database_Expression("`name`")) + ->set("title", db::expr("`name`")) ->and_open() ->where("title", "IS", null) ->or_where("title", "=", "") @@ -581,7 +581,7 @@ class gallery_installer { $db->query("ALTER TABLE {modules} ADD COLUMN `weight` int(9) DEFAULT NULL"); $db->query("ALTER TABLE {modules} ADD KEY (`weight`)"); db::update("modules") - ->set("weight", new Database_Expression("`id`")) + ->set("weight", db::expr("`id`")) ->execute(); module::set_version("gallery", $version = 32); } diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php index e69ff91a..9ccff152 100644 
--- a/modules/gallery/helpers/gallery_task.php +++ b/modules/gallery/helpers/gallery_task.php @@ -74,7 +74,7 @@ class gallery_task_Core { // Choose the dirty images in a random order so that if we run this task multiple times // concurrently each task is rebuilding different images simultaneously. $result = graphics::find_dirty_images_query()->select("id") - ->select(new Database_Expression("RAND() as r")) + ->select(db::expr("RAND() as r")) ->order_by("r", "ASC") ->execute(); $total_count = $task->get("total_count", $result->count()); @@ -608,7 +608,7 @@ class gallery_task_Core { static function find_dupe_slugs() { return db::build() ->select_distinct( - array("parent_slug" => new Database_Expression("CONCAT(`parent_id`, ':', LOWER(`slug`))"))) + array("parent_slug" => db::expr("CONCAT(`parent_id`, ':', LOWER(`slug`))"))) ->select("id") ->select(array("C" => "COUNT(\"*\")")) ->from("items") @@ -620,7 +620,7 @@ class gallery_task_Core { static function find_dupe_names() { return db::build() ->select_distinct( - array("parent_name" => new Database_Expression("CONCAT(`parent_id`, ':', LOWER(`name`))"))) + array("parent_name" => db::expr("CONCAT(`parent_id`, ':', LOWER(`name`))"))) ->select("id") ->select(array("C" => "COUNT(\"*\")")) ->from("items") diff --git a/modules/gallery/helpers/module.php b/modules/gallery/helpers/module.php index 2b446daa..7c5578af 100644 --- a/modules/gallery/helpers/module.php +++ b/modules/gallery/helpers/module.php @@ -488,7 +488,7 @@ class module_Core { static function incr_var($module_name, $name, $increment=1) { db::build() ->update("vars") - ->set("value", new Database_Expression("`value` + $increment")) + ->set("value", db::expr("`value` + $increment")) ->where("module_name", "=", $module_name) ->where("name", "=", $name) ->execute(); diff --git a/modules/gallery/libraries/ORM_MPTT.php b/modules/gallery/libraries/ORM_MPTT.php index f20fafa0..4556273c 100644 --- a/modules/gallery/libraries/ORM_MPTT.php 
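Review bot: In the module.php hunk, `incr_var()` interpolates `$increment` directly into the string handed to `db::expr()`, and a raw expression is presumably sent to the database without escaping. The default is 1 and no callers are visible here, so nothing in the function guarantees the value is numeric. Coercing it first with `$increment = (int)$increment;` (or a float cast if fractional increments are intended) keeps the expression numeric wherever the value came from. The ORM_MPTT.php hunks interpolate `$level_delta`, `$size_of_hole` and `$new_offset` the same way; those look to be computed from tree pointers, so they are lower priority, but the same cast would make that explicit.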
+++ b/modules/gallery/libraries/ORM_MPTT.php @@ -54,12 +54,12 @@ class ORM_MPTT_Core extends ORM { // Make a hole in the parent for this new item db::build() ->update($this->table_name) - ->set("left_ptr", new Database_Expression("`left_ptr` + 2")) + ->set("left_ptr", db::expr("`left_ptr` + 2")) ->where("left_ptr", ">=", $parent->right_ptr) ->execute(); db::build() ->update($this->table_name) - ->set("right_ptr", new Database_Expression("`right_ptr` + 2")) + ->set("right_ptr", db::expr("`right_ptr` + 2")) ->where("right_ptr", ">=", $parent->right_ptr) ->execute(); $parent->right_ptr += 2; @@ -109,12 +109,12 @@ class ORM_MPTT_Core extends ORM { try { db::build() ->update($this->table_name) - ->set("left_ptr", new Database_Expression("`left_ptr` - 2")) + ->set("left_ptr", db::expr("`left_ptr` - 2")) ->where("left_ptr", ">", $this->right_ptr) ->execute(); db::build() ->update($this->table_name) - ->set("right_ptr", new Database_Expression("`right_ptr` - 2")) + ->set("right_ptr", db::expr("`right_ptr` - 2")) ->where("right_ptr", ">", $this->right_ptr) ->execute(); } catch (Exception $e) { @@ -253,7 +253,7 @@ class ORM_MPTT_Core extends ORM { // Update the levels for the to-be-moved items db::build() ->update($this->table_name) - ->set("level", new Database_Expression("`level` + $level_delta")) + ->set("level", db::expr("`level` + $level_delta")) ->where("left_ptr", ">=", $original_left_ptr) ->where("right_ptr", "<=", $original_right_ptr) ->execute(); 
@@ -262,12 +262,12 @@ class ORM_MPTT_Core extends ORM { // Make a hole in the target for the move db::build() ->update($this->table_name) - ->set("left_ptr", new Database_Expression("`left_ptr` + $size_of_hole")) + ->set("left_ptr", db::expr("`left_ptr` + $size_of_hole")) ->where("left_ptr", ">=", $target_right_ptr) ->execute(); db::build() ->update($this->table_name) - ->set("right_ptr", new Database_Expression("`right_ptr` + $size_of_hole")) + ->set("right_ptr", db::expr("`right_ptr` + $size_of_hole")) ->where("right_ptr", ">=", $target_right_ptr) ->execute(); @@ -290,8 +290,8 @@ class ORM_MPTT_Core extends ORM { $new_offset = $target->right_ptr - $left_ptr; db::build() ->update($this->table_name) - ->set("left_ptr", new Database_Expression("`left_ptr` + $new_offset")) - ->set("right_ptr", new Database_Expression("`right_ptr` + $new_offset")) + ->set("left_ptr", db::expr("`left_ptr` + $new_offset")) + ->set("right_ptr", db::expr("`right_ptr` + $new_offset")) ->where("left_ptr", ">=", $left_ptr) ->where("right_ptr", "<=", $right_ptr) ->execute(); @@ -299,12 +299,12 @@ class ORM_MPTT_Core extends ORM { // Close the hole in the source's parent after the move db::build() ->update($this->table_name) - ->set("left_ptr", new Database_Expression("`left_ptr` - $size_of_hole")) + ->set("left_ptr", db::expr("`left_ptr` - $size_of_hole")) ->where("left_ptr", ">", $right_ptr) ->execute(); db::build() ->update($this->table_name) - ->set("right_ptr", new Database_Expression("`right_ptr` - $size_of_hole")) + ->set("right_ptr", db::expr("`right_ptr` - $size_of_hole")) ->where("right_ptr", ">", $right_ptr) ->execute(); } catch (Exception $e) { diff --git a/modules/gallery/tests/Gallery_Installer_Test.php b/modules/gallery/tests/Gallery_Installer_Test.php index 67e712de..d34c3b0e 100644 --- a/modules/gallery/tests/Gallery_Installer_Test.php +++ b/modules/gallery/tests/Gallery_Installer_Test.php 
@@ -35,7 +35,7 @@ class Gallery_Installer_Test extends Gallery_Unit_Test_Case { public function install_creates_root_item_test() { $max_right_ptr = ORM::factory("item") - ->select(new Database_Expression("MAX(`right_ptr`) AS `right_ptr`")) + ->select(db::expr("MAX(`right_ptr`) AS `right_ptr`")) ->find()->right_ptr; $root = ORM::factory('item')->find(1); $this->assert_equal("Gallery", $root->title); diff --git a/modules/notification/helpers/notification.php b/modules/notification/helpers/notification.php index 0564d336..2ff8ff48 100644 --- a/modules/notification/helpers/notification.php +++ b/modules/notification/helpers/notification.php @@ -160,7 +160,7 @@ class notification { static function send_pending_notifications() { foreach (db::build() - ->select(new Database_Expression("DISTINCT `email`")) + ->select(db::expr("DISTINCT `email`")) ->from("pending_notifications") ->execute() as $row) { $email = $row->email; diff --git a/modules/tag/helpers/tag.php b/modules/tag/helpers/tag.php index 14d27c94..bcd3b0c0 100644 --- a/modules/tag/helpers/tag.php +++ b/modules/tag/helpers/tag.php @@ -118,7 +118,7 @@ class tag_Core { static function clear_all($item) { db::build() ->update("tags") - ->set("count", new Database_Expression("`count` - 1")) + ->set("count", db::expr("`count` - 1")) ->where("count", ">", 0) ->where("id", "IN", db::build()->select("tag_id")->from("items_tags")->where("item_id", "=", $item->id)) ->execute(); -- cgit v1.2.3 From fda92507964b9521b632a97c9e343b4639a657f7 Mon Sep 17 00:00:00 2001 From: Joe7 Date: Mon, 27 Dec 2010 14:03:11 +0100 Subject: Added limit on select as for the outcome it doesn't matter if there are 20 rows or just 1. Is sufficient to return straight after reading 1 row. --- modules/gallery/libraries/drivers/Cache/Database.php | 1 + 1 file changed, 1 insertion(+) (limited to 'modules/gallery') 
diff --git a/modules/gallery/libraries/drivers/Cache/Database.php b/modules/gallery/libraries/drivers/Cache/Database.php index b7822811..4f57b3da 100644 --- a/modules/gallery/libraries/drivers/Cache/Database.php +++ b/modules/gallery/libraries/drivers/Cache/Database.php @@ -34,6 +34,7 @@ class Cache_Database_Driver extends Cache_Driver { $count = db::build() ->where("key", "=", $id) ->where("expiration", ">=", time()) + ->limit("1") ->count_records("caches"); return $count > 0; } -- cgit v1.2.3 From 66fd8c7518ab71466aca72d20fb7bcd5f374af26 Mon Sep 17 00:00:00 2001 From: Joe7 Date: Mon, 27 Dec 2010 15:35:33 +0100 Subject: Using ON DUPLICATE KEY UPDATE instead of SELECT+UPDATE/INSERT style method (that does 2 trips to Database server and is less optimal). exists() method is not needed anymore thus got removed --- .../gallery/libraries/drivers/Cache/Database.php | 38 +++++----------------- 1 file changed, 8 insertions(+), 30 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/libraries/drivers/Cache/Database.php b/modules/gallery/libraries/drivers/Cache/Database.php index 4f57b3da..7eda5b30 100644 --- a/modules/gallery/libraries/drivers/Cache/Database.php +++ b/modules/gallery/libraries/drivers/Cache/Database.php @@ -24,21 +24,6 @@ class Cache_Database_Driver extends Cache_Driver { // Kohana database instance protected $db; - /** - * Checks if a cache id is already set. - * - * @param string cache id - * @return boolean - */ - public function exists($id) { - $count = db::build() - ->where("key", "=", $id) - ->where("expiration", ">=", time()) - ->limit("1") - ->count_records("caches"); - return $count > 0; - } - /** * Sets a cache item to the given data, tags, and lifetime. * 
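Review bot: The added `->limit("1")` probably does not shorten the query, because `count_records()` presumably issues a `COUNT(*)` aggregate that returns a single row whatever it matches, so the LIMIT applies to that one result row rather than to the rows scanned. If the aim is to stop at the first hit, select one column with the limit and test whether a row came back instead of counting. The argument should also be the integer `1` rather than the string `"1"`. `exists()` begins above the hunk.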
@@ -60,22 +45,15 @@ class Cache_Database_Driver extends Cache_Driver { $lifetime += time(); } + $db = Database::instance(); + $tags = $db->escape($tags); foreach ($items as $id => $data) { - if ($this->exists($id)) { - $status = db::build() - ->update("caches") - ->set("tags", $tags) - ->set("expiration", $lifetime) - ->set("cache", serialize($data)) - ->where("key", "=", $id) - ->execute(); - } else { - $status = db::build() - ->insert("caches") - ->columns("key", "tags", "expiration", "cache") - ->values($id, $tags, $lifetime, serialize($data)) - ->execute(); - } + $id = $db->escape($id); + $data = $db->escape(serialize($data)); + $db->query("INSERT INTO {caches} (`key`, `tags`, `expiration`, `cache`) + VALUES ('$id', '$tags', $lifetime, '$data') + ON DUPLICATE KEY UPDATE + `tags`=VALUES(tags), `expiration`=VALUES(expiration), `cache`=VALUES(cache)"); } return true; -- cgit v1.2.3 From 440597356d8719bdc6733d2d86aaef5f86d05a1e Mon Sep 17 00:00:00 2001 From: Joe7 Date: Mon, 27 Dec 2010 22:16:29 +0100 Subject: Added changes to installer and upgrader scripts to support INSERT ON DUPLICATE KEY UPDATE SYNTAX in cache lib --- installer/install.sql | 2 +- modules/gallery/helpers/gallery_installer.php | 7 ++++++- modules/gallery/module.info | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) (limited to 'modules/gallery') diff --git a/installer/install.sql b/installer/install.sql index 427a3283..baee2b9d 100644 --- a/installer/install.sql +++ b/installer/install.sql @@ -43,7 +43,7 @@ CREATE TABLE {caches} ( `expiration` int(9) NOT NULL, `cache` longblob, PRIMARY KEY (`id`), - KEY `key` (`key`), + UNIQUE KEY `key` (`key`), KEY `tags` (`tags`) ) DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index fb7933f7..bf6186a9 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php 
@@ -309,7 +309,7 @@ class gallery_installer { module::set_var("gallery", "show_user_profiles_to", "registered_users"); module::set_var("gallery", "extra_binary_paths", "/usr/local/bin:/opt/local/bin:/opt/bin"); - module::set_version("gallery", 41); + module::set_version("gallery", 42); } static function upgrade($version) { @@ -642,6 +642,11 @@ class gallery_installer { module::clear_var("gallery", "_cache"); module::set_version("gallery", $version = 41); } + + if ($version == 41) { + $db->query("ALTER TABLE {caches} DROP INDEX `key`, ADD UNIQUE `key` (`key`)"); + module::set_version("gallery", $version = 42); + } } static function uninstall() { diff --git a/modules/gallery/module.info b/modules/gallery/module.info index 2b684e5e..0cc3f6d1 100644 --- a/modules/gallery/module.info +++ b/modules/gallery/module.info @@ -1,3 +1,3 @@ name = "Gallery 3" description = "Gallery core application" -version = 41 +version = 42 -- cgit v1.2.3 From 869bba5e132ceb960b72744fc3ebad5e6af14439 Mon Sep 17 00:00:00 2001 From: Joe7 Date: Tue, 28 Dec 2010 18:42:43 +0100 Subject: Truncating table first againt collides when converting INDEX into Unique --- modules/gallery/helpers/gallery_installer.php | 1 + 1 file changed, 1 insertion(+) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index bf6186a9..cb314527 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -644,6 +644,7 @@ class gallery_installer { } if ($version == 41) { + $db->query("TRUNCATE TABLE {caches}"); $db->query("ALTER TABLE {caches} DROP INDEX `key`, ADD UNIQUE `key` (`key`)"); module::set_version("gallery", $version = 42); } -- cgit v1.2.3 From 17700b805fad7a74e871366159b4fe1ae4c2d883 Mon Sep 17 00:00:00 2001 
From: Joe7 Date: Tue, 28 Dec 2010 22:28:55 +0100 Subject: Coding style fixes: identation on line 48+removed trailing whitespaces, added spaces around =s --- modules/gallery/libraries/drivers/Cache/Database.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/libraries/drivers/Cache/Database.php b/modules/gallery/libraries/drivers/Cache/Database.php index 7eda5b30..2e773ca4 100644 --- a/modules/gallery/libraries/drivers/Cache/Database.php +++ b/modules/gallery/libraries/drivers/Cache/Database.php @@ -45,15 +45,15 @@ class Cache_Database_Driver extends Cache_Driver { $lifetime += time(); } - $db = Database::instance(); + $db = Database::instance(); $tags = $db->escape($tags); foreach ($items as $id => $data) { $id = $db->escape($id); $data = $db->escape(serialize($data)); - $db->query("INSERT INTO {caches} (`key`, `tags`, `expiration`, `cache`) - VALUES ('$id', '$tags', $lifetime, '$data') - ON DUPLICATE KEY UPDATE - `tags`=VALUES(tags), `expiration`=VALUES(expiration), `cache`=VALUES(cache)"); + $db->query("INSERT INTO {caches} (`key`, `tags`, `expiration`, `cache`) + VALUES ('$id', '$tags', $lifetime, '$data') + ON DUPLICATE KEY UPDATE `tags` = VALUES(tags), `expiration` = VALUES(expiration), + `cache` = VALUES(cache)"); } return true; -- cgit v1.2.3 From a8b0254e4a64b46bef303fbf2dafc4d9553ae38f Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 29 Dec 2010 17:31:28 -0800 Subject: Improve the solution for #1545 by sorting the settings menu properly to be naturally ordered and case insensitive. --- modules/gallery/helpers/gallery_event.php | 2 +- modules/gallery/libraries/Admin_View.php | 2 +- modules/gallery/libraries/Menu.php | 4 ++++ 3 files changed, 6 insertions(+), 2 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 5d3ee6ee..689e21d1 100644 
--- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -377,7 +377,7 @@ class gallery_event_Core { module::event("admin_menu", $admin_menu, $theme); $settings_menu = $admin_menu->get("settings_menu"); - sort($settings_menu->elements); + uasort($settings_menu->elements, array("Menu", "title_comparator")); } } } diff --git a/modules/gallery/libraries/Admin_View.php b/modules/gallery/libraries/Admin_View.php index 11f8ad14..bff13ace 100644 --- a/modules/gallery/libraries/Admin_View.php +++ b/modules/gallery/libraries/Admin_View.php @@ -46,7 +46,7 @@ class Admin_View_Core extends Gallery_View { module::event("admin_menu", $menu, $this); $settings_menu = $menu->get("settings_menu"); - sort($settings_menu->elements); + uasort($settings_menu->elements, array("Menu", "title_comparator")); return $menu->render(); } diff --git a/modules/gallery/libraries/Menu.php b/modules/gallery/libraries/Menu.php index 58852a72..78b60196 100644 --- a/modules/gallery/libraries/Menu.php +++ b/modules/gallery/libraries/Menu.php @@ -250,4 +250,8 @@ class Menu_Core extends Menu_Element { $view->menu = $this; return $view; } + + static function title_comparator($a, $b) { + return strnatcasecmp((string)$a->label, (string)$b->label); + } } -- cgit v1.2.3 From 336632fea0a955d74099cd169b3178c01f250ff5 Mon Sep 17 00:00:00 2001 From: Joe7 Date: Mon, 3 Jan 2011 13:21:54 +0100 Subject: Keep view counters of all item types accurate Added common increment_view_count() func in item model for reuse --- modules/gallery/controllers/albums.php | 5 +---- modules/gallery/controllers/movies.php | 3 +-- modules/gallery/controllers/photos.php | 3 +-- modules/gallery/models/item.php | 10 ++++++++++ 4 files changed, 13 insertions(+), 8 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index b0887195..c0368488 100644 --- a/modules/gallery/controllers/albums.php 
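Review bot: `title_comparator` in Menu.php has no docblock and no explicit visibility, and it is referenced by the string pair `array("Menu", "title_comparator")` from two other files, so a rename would break the sorting without any static error. A short docblock saying that it compares the `label` of two menu elements with natural, case-insensitive ordering and is meant as a `uasort` callback would cover it. Also note that `uasort` keeps the element keys where the previous `sort` renumbered them; that looks intended if `elements` is keyed by id, but the hunks do not show it.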
+++ b/modules/gallery/controllers/albums.php @@ -71,10 +71,7 @@ class Albums_Controller extends Items_Controller { $template->set_global("parents", $album->parents()->as_array()); // view calls empty() on this $template->content = new View("album.html"); - // We can't use math in ORM or the query builder, so do this by hand. It's important - // that we do this with math, otherwise concurrent accesses will damage accuracy. - db::query("UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $album->id") - ->execute(); + $album->increment_view_count(); print $template; } diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index 717eb8aa..15d4f950 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php @@ -49,8 +49,7 @@ class Movies_Controller extends Items_Controller { $template->content = new View("movie.html"); - $movie->view_count++; - $movie->save(); + $movie->increment_view_count(); print $template; } diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index b22ac8e5..2dc22ca4 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -49,8 +49,7 @@ class Photos_Controller extends Items_Controller { $template->content = new View("photo.html"); - $photo->view_count++; - $photo->save(); + $photo->increment_view_count(); print $template; } diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index fc5c3ff9..d4df0a78 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php 
@@ -1078,6 +1078,16 @@ class Item_Model_Core extends ORM_MPTT { return $data; } + /** + * Increments the view counter of this item + * We can't use math in ORM or the query builder, so do this by hand. It's important + * that we do this with math, otherwise concurrent accesses will damage accuracy. + */ + public function increment_view_count() { + db::query("UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $this->id") + ->execute(); + } + private function _cache_buster($path) { return "?m=" . (string)(file_exists($path) ? filemtime($path) : 0); } -- cgit v1.2.3 From 7ce902d373ac67d2267a886c18238eb53dd98093 Mon Sep 17 00:00:00 2001 From: Joe7 Date: Mon, 3 Jan 2011 15:14:32 +0100 Subject: Removed accidental whitespace --- modules/gallery/models/item.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery') diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index d4df0a78..7ddcb4c2 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -1087,7 +1087,7 @@ class Item_Model_Core extends ORM_MPTT { db::query("UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $this->id") ->execute(); } - + private function _cache_buster($path) { return "?m=" . (string)(file_exists($path) ? filemtime($path) : 0); } -- cgit v1.2.3 From b26eff7f23b970a7983baf5e211ba88968effb9d Mon Sep 17 00:00:00 2001 
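Review bot: `increment_view_count()` builds its UPDATE by interpolating `$this->id` into the SQL string, so an item that has not been saved yet yields a malformed statement and the value is never forced to an integer; assigning `$id = (int)$this->id;` and interpolating `$id`, or returning early when the item is not loaded, would close that. The method also leaves `$this->view_count` untouched, whereas the removed `$movie->view_count++` and `$photo->view_count++` updated the in-memory value before `print $template`, so the movie and photo pages presumably now render the count from before the current view. The docblock should state both facts: that the write bypasses `save()`, and that the object is not refreshed afterwards.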
From: Joe7 Date: Mon, 3 Jan 2011 15:44:36 +0100 Subject: Bugfix: input validation validates description up to length of 65535 chars, but DB trimmed data over 2048 chars. Converting column into TEXT type. Note: The effective maximum length of a VARCHAR in MySQL 5.0.3 and later is subject to the maximum row size (65,535 bytes, which is shared among all columns) and the character set used. In contrast to CHAR, VARCHAR values are stored as a one-byte or two-byte length prefix plus data. The length prefix indicates the number of bytes in the value. A column uses one length byte if values require no more than 255 bytes, two length bytes if values may require more than 255 bytes. --- installer/install.sql | 2 +- modules/gallery/helpers/gallery_installer.php | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'modules/gallery') diff --git a/installer/install.sql b/installer/install.sql index 2a2bf269..7a0f99c4 100644 --- a/installer/install.sql +++ b/installer/install.sql @@ -152,7 +152,7 @@ CREATE TABLE {items} ( `album_cover_item_id` int(9) DEFAULT NULL, `captured` int(9) DEFAULT NULL, `created` int(9) DEFAULT NULL, - `description` varchar(2048) DEFAULT NULL, + `description` TEXT DEFAULT NULL, `height` int(9) DEFAULT NULL, `left_ptr` int(9) NOT NULL, `level` int(9) NOT NULL, diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index cb314527..90d6d4b7 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -309,7 +309,7 @@ class gallery_installer { module::set_var("gallery", "show_user_profiles_to", "registered_users"); module::set_var("gallery", "extra_binary_paths", "/usr/local/bin:/opt/local/bin:/opt/bin"); - module::set_version("gallery", 42); + module::set_version("gallery", 43); } static function upgrade($version) { 
@@ -648,6 +648,11 @@ class gallery_installer { $db->query("ALTER TABLE {caches} DROP INDEX `key`, ADD UNIQUE `key` (`key`)"); module::set_version("gallery", $version = 42); } + + if ($version == 42) { + $db->query("ALTER TABLE {items} CHANGE `description` `description` TEXT DEFAULT NULL"); + module::set_version("gallery", $version = 43); + } } static function uninstall() { -- cgit v1.2.3 From e6a5f39b9113fa9cfc526b873947e365793d4e3e Mon Sep 17 00:00:00 2001 From: Joe7 Date: Mon, 3 Jan 2011 20:07:12 +0100 Subject: case fix --- modules/gallery/helpers/gallery_installer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index 90d6d4b7..834a27fa 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -650,7 +650,7 @@ class gallery_installer { } if ($version == 42) { - $db->query("ALTER TABLE {items} CHANGE `description` `description` TEXT DEFAULT NULL"); + $db->query("ALTER TABLE {items} CHANGE `description` `description` text DEFAULT NULL"); module::set_version("gallery", $version = 43); } } -- cgit v1.2.3 From cfaa62370ecbdb3badf4ab68bbefa7cfedaea154 Mon Sep 17 00:00:00 2001 From: Joe7 Date: Sun, 2 Jan 2011 18:59:23 +0100 Subject: Reimplemented Kohana 2.3's View::set_global() with array support. Allows for cleaner code and fewer function calls. --- modules/gallery/controllers/albums.php | 17 +++++++++-------- modules/gallery/controllers/movies.php | 17 +++++++++-------- modules/gallery/controllers/photos.php | 17 +++++++++-------- modules/gallery/libraries/MY_View.php | 10 ++++++++-- 4 files changed, 35 insertions(+), 26 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index c0368488..e69f6b6d 100644 --- a/modules/gallery/controllers/albums.php 
+++ b/modules/gallery/controllers/albums.php @@ -61,14 +61,15 @@ class Albums_Controller extends Items_Controller { } $template = new Theme_View("page.html", "collection", "album"); - $template->set_global("page", $page); - $template->set_global("page_title", null); - $template->set_global("max_pages", $max_pages); - $template->set_global("page_size", $page_size); - $template->set_global("item", $album); - $template->set_global("children", $album->viewable()->children($page_size, $offset)); - $template->set_global("children_count", $children_count); - $template->set_global("parents", $album->parents()->as_array()); // view calls empty() on this + $template->set_global(array("page" => $page, + "page_title" => null, + "max_pages" => $max_pages, + "page_size" => $page_size, + "item" => $album, + "children" => $album->viewable()->children($page_size, $offset), + "children_count" => $children_count, + "parents" => $album->parents()->as_array())); + // view calls empty() on this $template->content = new View("album.html"); $album->increment_view_count(); diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index 15d4f950..1ae969c7 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php 
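Review bot: The comment `// view calls empty() on this` explained why `parents` is passed through `->as_array()`, but after the rewrite it sits on its own line after the closing `));` and reads as if it applied to the whole `set_global()` call. Move it onto or directly above the `"parents"` entry, for example `// as_array(): the view calls empty() on parents`. The movies.php and photos.php hunks pass `parents` the same way and could carry the same remark.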
@@ -38,14 +38,15 @@ class Movies_Controller extends Items_Controller { } $template = new Theme_View("page.html", "item", "movie"); - $template->set_global("item", $movie); - $template->set_global("children", array()); - $template->set_global("children_count", 0); - $template->set_global("parents", $movie->parents()->as_array()); - $template->set_global("next_item", $next_item); - $template->set_global("previous_item", $previous_item); - $template->set_global("sibling_count", $movie->parent()->viewable()->children_count($where)); - $template->set_global("position", $position); + $template->set_global(array("item" => $movie, + "children" => array(), + "children_count" => 0, + "parents" => $movie->parents()->as_array(), + "next_item" => $next_item, + "previous_item" => $previous_item, + "sibling_count" + => $movie->parent()->viewable()->children_count($where), + "position" => $position)); $template->content = new View("movie.html"); diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index 2dc22ca4..e795f336 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php 
@@ -38,14 +38,15 @@ class Photos_Controller extends Items_Controller { } $template = new Theme_View("page.html", "item", "photo"); - $template->set_global("item", $photo); - $template->set_global("children", array()); - $template->set_global("children_count", 0); - $template->set_global("parents", $photo->parents()->as_array()); - $template->set_global("next_item", $next_item); - $template->set_global("previous_item", $previous_item); - $template->set_global("sibling_count", $photo->parent()->viewable()->children_count($where)); - $template->set_global("position", $position); + $template->set_global(array("item" => $photo, + "children" => array(), + "children_count" => 0, + "parents" => $photo->parents()->as_array(), + "next_item" => $next_item, + "previous_item" => $previous_item, + "sibling_count" + => $photo->parent()->viewable()->children_count($where), + "position" => $position)); $template->content = new View("photo.html"); diff --git a/modules/gallery/libraries/MY_View.php b/modules/gallery/libraries/MY_View.php index ded77792..2230203a 100644 --- a/modules/gallery/libraries/MY_View.php +++ b/modules/gallery/libraries/MY_View.php @@ -23,8 +23,14 @@ class View extends View_Core { /** * Reimplement Kohana 2.3's View::set_global() functionality. */ - public function set_global($key, $value) { - View::$global_data[$key] = $value; + public function set_global($key, $value = NULL) { + if (is_array($key)) { + foreach ($key as $key2 => $value) { + View::$global_data[$key2] = $value; + } + } else { + View::$global_data[$key] = $value; + } } public function is_set($key=null) { -- cgit v1.2.3 From f364e8a96b47f0e4f674c8b36317fc80184b219a Mon Sep 17 00:00:00 2001 
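Review bot: In the MY_View.php hunk the docblock above `set_global()` still describes only the key/value form. The new loop `foreach ($key as $key2 => $value)` also reuses the `$value` parameter as its loop variable, so a second argument passed together with an array is silently discarded. Document both call forms, for example `@param string|array $key name, or an array of name => value pairs` and `@param mixed $value ignored when $key is an array`. Give the loop its own variables: `foreach ($key as $name => $global_value) { View::$global_data[$name] = $global_value; }`.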
From: Joe7 Date: Mon, 3 Jan 2011 20:28:54 +0100 Subject: Using array support introduced in 8295201adf948ea35f21f75801b7a8bf36c27569 --- modules/gallery/libraries/Admin_View.php | 10 +++++----- modules/gallery/libraries/Theme_View.php | 10 +++++----- modules/search/controllers/search.php | 8 ++++---- modules/tag/controllers/tag.php | 12 ++++++------ 4 files changed, 20 insertions(+), 20 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/libraries/Admin_View.php b/modules/gallery/libraries/Admin_View.php index bff13ace..28a003cc 100644 --- a/modules/gallery/libraries/Admin_View.php +++ b/modules/gallery/libraries/Admin_View.php @@ -34,11 +34,11 @@ class Admin_View_Core extends Gallery_View { $this->theme_name = Input::instance()->get("theme", $this->theme_name); } $this->sidebar = ""; - $this->set_global("theme", $this); - $this->set_global("user", identity::active_user()); - $this->set_global("page_type", "admin"); - $this->set_global("page_subtype", $name); - $this->set_global("page_title", null); + $this->set_global(array("theme" => $this, + "user" => identity::active_user(), + "page_type" => "admin", + "page_subtype" => $name, + "page_title" => null)); } public function admin_menu() { diff --git a/modules/gallery/libraries/Theme_View.php b/modules/gallery/libraries/Theme_View.php index d22bb03a..ba1862c0 100644 --- a/modules/gallery/libraries/Theme_View.php +++ b/modules/gallery/libraries/Theme_View.php 
@@ -37,11 +37,11 @@ class Theme_View_Core extends Gallery_View { } $this->item = null; $this->tag = null; - $this->set_global("theme", $this); - $this->set_global("user", identity::active_user()); - $this->set_global("page_type", $page_type); - $this->set_global("page_subtype", $page_subtype); - $this->set_global("page_title", null); + $this->set_global(array("theme" => $this, + "user" => identity::active_user(), + "page_type" => $page_type, + "page_subtype" => $page_subtype, + "page_title" => null)); if ($page_type == "collection") { $this->set_global("thumb_proportion", $this->thumb_proportion()); } diff --git a/modules/search/controllers/search.php b/modules/search/controllers/search.php index e5894f30..733bc9f7 100644 --- a/modules/search/controllers/search.php +++ b/modules/search/controllers/search.php @@ -34,10 +34,10 @@ class Search_Controller extends Controller { $max_pages = max(ceil($count / $page_size), 1); $template = new Theme_View("page.html", "collection", "search"); - $template->set_global("page", $page); - $template->set_global("max_pages", $max_pages); - $template->set_global("page_size", $page_size); - $template->set_global("children_count", $count); + $template->set_global(array("page" => $page, + "max_pages" => $max_pages, + "page_size" => $page_size, + "children_count" => $count)); $template->content = new View("search.html"); $template->content->items = $result; diff --git a/modules/tag/controllers/tag.php b/modules/tag/controllers/tag.php index 0e924f3d..7bfa7d58 100644 --- a/modules/tag/controllers/tag.php +++ b/modules/tag/controllers/tag.php 
@@ -35,12 +35,12 @@ class Tag_Controller extends Controller { } $template = new Theme_View("page.html", "collection", "tag"); - $template->set_global("page", $page); - $template->set_global("max_pages", $max_pages); - $template->set_global("page_size", $page_size); - $template->set_global("tag", $tag); - $template->set_global("children", $tag->items($page_size, $offset)); - $template->set_global("children_count", $children_count); + $template->set_global(array("page" => $page, + "max_pages" => $max_pages, + "page_size" => $page_size, + "tag" => $tag, + "children" => $tag->items($page_size, $offset), + "children_count" => $children_count)); $template->content = new View("dynamic.html"); $template->content->title = t("Tag: %tag_name", array("tag_name" => $tag->name)); -- cgit v1.2.3 From 4a882108259f9542a6c8f2ffe95c9ee0e1c102cd Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 3 Jan 2011 11:41:25 -0800 Subject: Follow on to cfaa62370ecbdb3badf4ab68bbefa7cfedaea154 to fix indentation. Fixes #1569. --- modules/gallery/controllers/albums.php | 18 +++++++++--------- modules/gallery/controllers/movies.php | 18 +++++++++--------- modules/gallery/controllers/photos.php | 18 +++++++++--------- 3 files changed, 27 insertions(+), 27 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index e69f6b6d..25df0da7 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php 
@@ -61,15 +61,15 @@ class Albums_Controller extends Items_Controller { } $template = new Theme_View("page.html", "collection", "album"); - $template->set_global(array("page" => $page, - "page_title" => null, - "max_pages" => $max_pages, - "page_size" => $page_size, - "item" => $album, - "children" => $album->viewable()->children($page_size, $offset), - "children_count" => $children_count, - "parents" => $album->parents()->as_array())); - // view calls empty() on this + $template->set_global( + array("page" => $page, + "page_title" => null, + "max_pages" => $max_pages, + "page_size" => $page_size, + "item" => $album, + "children" => $album->viewable()->children($page_size, $offset), + "parents" => $album->parents()->as_array(), // view calls empty() on this + "children_count" => $children_count)); $template->content = new View("album.html"); $album->increment_view_count(); diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index 1ae969c7..bf50abd5 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php @@ -38,15 +38,15 @@ class Movies_Controller extends Items_Controller { } $template = new Theme_View("page.html", "item", "movie"); - $template->set_global(array("item" => $movie, - "children" => array(), - "children_count" => 0, - "parents" => $movie->parents()->as_array(), - "next_item" => $next_item, - "previous_item" => $previous_item, - "sibling_count" - => $movie->parent()->viewable()->children_count($where), - "position" => $position)); + $template->set_global( + array("item" => $movie, + "children" => array(), + "children_count" => 0, + "parents" => $movie->parents()->as_array(), + "next_item" => $next_item, + "previous_item" => $previous_item, + "sibling_count" => $movie->parent()->viewable()->children_count($where), + "position" => $position)); $template->content = new View("movie.html"); 
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index e795f336..d500a92e 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -38,15 +38,15 @@ class Photos_Controller extends Items_Controller { } $template = new Theme_View("page.html", "item", "photo"); - $template->set_global(array("item" => $photo, - "children" => array(), - "children_count" => 0, - "parents" => $photo->parents()->as_array(), - "next_item" => $next_item, - "previous_item" => $previous_item, - "sibling_count" - => $photo->parent()->viewable()->children_count($where), - "position" => $position)); + $template->set_global( + array("item" => $photo, + "children" => array(), + "children_count" => 0, + "parents" => $photo->parents()->as_array(), + "next_item" => $next_item, + "previous_item" => $previous_item, + "sibling_count" => $photo->parent()->viewable()->children_count($where), + "position" => $position)); $template->content = new View("photo.html"); -- cgit v1.2.3 From d74aad072d8ccca70efb1c8b673e8368566a1974 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 3 Jan 2011 12:25:51 -0800 Subject: Some small follow on fixes for #1559 and #1568: 1) Make database changes in gallery_installer::install() instead of in installer/install.ql 2) Bump the version number in modules/gallery/module.info --- installer/install.sql | 4 ++-- modules/gallery/helpers/gallery_installer.php | 4 ++-- modules/gallery/module.info | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) (limited to 'modules/gallery') diff --git a/installer/install.sql b/installer/install.sql index 84a975ae..6aae8014 100644 --- a/installer/install.sql +++ b/installer/install.sql @@ -43,7 +43,7 @@ CREATE TABLE {caches} ( `expiration` int(9) NOT NULL, `cache` longblob, PRIMARY KEY (`id`), - KEY `key` (`key`), + UNIQUE KEY `key` (`key`), KEY `tags` (`tags`) ) DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; 
@@ -152,7 +152,7 @@ CREATE TABLE {items} ( `album_cover_item_id` int(9) DEFAULT NULL, `captured` int(9) DEFAULT NULL, `created` int(9) DEFAULT NULL, - `description` varchar(2048) DEFAULT NULL, + `description` text, `height` int(9) DEFAULT NULL, `left_ptr` int(9) NOT NULL, `level` int(9) NOT NULL, diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index 834a27fa..f7b8da5f 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -44,7 +44,7 @@ class gallery_installer { `expiration` int(9) NOT NULL, `cache` longblob, PRIMARY KEY (`id`), - KEY (`key`), + UNIQUE KEY (`key`), KEY (`tags`)) DEFAULT CHARSET=utf8;"); @@ -84,7 +84,7 @@ class gallery_installer { `album_cover_item_id` int(9) default NULL, `captured` int(9) default NULL, `created` int(9) default NULL, - `description` varchar(2048) default NULL, + `description` text default NULL, `height` int(9) default NULL, `left_ptr` int(9) NOT NULL, `level` int(9) NOT NULL, diff --git a/modules/gallery/module.info b/modules/gallery/module.info index 0cc3f6d1..eb579ab6 100644 --- a/modules/gallery/module.info +++ b/modules/gallery/module.info @@ -1,3 +1,3 @@ name = "Gallery 3" description = "Gallery core application" -version = 42 +version = 43 -- cgit v1.2.3 From e2b0f92007eb9ef2fad994c9f8957df0bfcbeccf Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 5 Jan 2011 21:05:20 -0800 Subject: Keep Item_Model::scale_dimensions from upscaling. Fixes #1579. --- modules/gallery/models/item.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'modules/gallery') diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 7ddcb4c2..88a444b4 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php 
@@ -653,7 +653,7 @@ class Item_Model_Core extends ORM_MPTT { /** * Calculate the largest width/height that fits inside the given maximum, while preserving the - * aspect ratio. + * aspect ratio. Don't upscale. * @param int $max Maximum size of the largest dimension * @return array */ @@ -661,6 +661,10 @@ class Item_Model_Core extends ORM_MPTT { $width = $this->thumb_width; $height = $this->thumb_height; + if ($width <= $max && $height <= $max) { + return array($height, $width); + } + if ($height) { if (isset($max)) { if ($width > $height) { -- cgit v1.2.3 From 9364f0d931883bb5f17f22c4003ee59256f9efb6 Mon Sep 17 00:00:00 2001 From: Joe7 Date: Wed, 5 Jan 2011 23:31:50 +0100 Subject: Allow '..' segment in photo/album paths through file_proxy (as is not forbidden in other places like add album/item) and explitely look for /../ instead Note: directory path can't end in '.' forcibly so this shall be fine Fixes Ticket #1518 --- modules/gallery/controllers/file_proxy.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery') diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index 22854fbd..5ce9b458 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php @@ -45,7 +45,7 @@ class File_Proxy_Controller extends Controller { $file_uri = substr($request_uri, strlen($var_uri)); // Make sure that we don't leave the var dir - if (strpos($file_uri, "..") !== false) { + if (strpos($file_uri, "/../") !== false) { throw new Kohana_404_Exception(); } -- cgit v1.2.3 From d17ba036ee2a4cadb5d1fa03397bbf975d6c254b Mon Sep 17 00:00:00 2001 
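Review bot: The new early return in `scale_dimensions()` compares `$width` and `$height` with `$max` before the `isset($max)` test that the context lines show further down, so an unset `$max` is handled only through PHP's loose comparison with null. Making the guard explicit keeps the two checks consistent: `if (isset($max) && $width <= $max && $height <= $max) {`. The docblock says only `@return array`; it should state the element order, since this branch returns `array($height, $width)`. The rest of the function is outside the hunk.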
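Review bot: The narrowed guard `strpos($file_uri, "/../") !== false` in file_proxy.php matches a `..` segment only when it has a slash on both sides. A parent-directory segment at the very start or end of `$file_uri`, or one written with a backslash on a Windows host, is therefore no longer rejected by this check. Whether `$file_uri` always begins with a slash depends on how `$var_uri` is built, which is outside the hunk, so the guard should not rely on it. Comparing whole segments still allows names that merely contain two dots: `if (in_array("..", explode("/", str_replace("\\", "/", $file_uri)), true)) { throw new Kohana_404_Exception(); }`. If the code after this hunk resolves a filesystem path, a `realpath()` containment check against the var directory would be a stronger second guard.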
From: Bharat Mediratta Date: Fri, 7 Jan 2011 20:40:24 -0800 Subject: Don't enable the REST module by default (fixes #1585). Bump the info module per changes for #662. --- installer/install.sql | 33 ++++++++++++-------------------- modules/gallery/controllers/packager.php | 2 +- 2 files changed, 13 insertions(+), 22 deletions(-) (limited to 'modules/gallery') diff --git a/installer/install.sql b/installer/install.sql index 6aae8014..c1d71dc2 100644 --- a/installer/install.sql +++ b/installer/install.sql @@ -242,18 +242,17 @@ CREATE TABLE {modules} ( PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`), KEY `weight` (`weight`) -) AUTO_INCREMENT=11 DEFAULT CHARSET=utf8; +) AUTO_INCREMENT=10 DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; INSERT INTO {modules} VALUES (1,1,'gallery',43,1); INSERT INTO {modules} VALUES (2,1,'user',3,2); INSERT INTO {modules} VALUES (3,1,'comment',3,3); INSERT INTO {modules} VALUES (4,1,'organize',2,4); -INSERT INTO {modules} VALUES (5,1,'info',1,5); -INSERT INTO {modules} VALUES (6,1,'rest',3,6); -INSERT INTO {modules} VALUES (7,1,'rss',1,7); -INSERT INTO {modules} VALUES (8,1,'search',1,8); -INSERT INTO {modules} VALUES (9,1,'slideshow',2,9); -INSERT INTO {modules} VALUES (10,1,'tag',2,10); +INSERT INTO {modules} VALUES (5,1,'info',2,5); +INSERT INTO {modules} VALUES (6,1,'rss',1,6); +INSERT INTO {modules} VALUES (7,1,'search',1,7); +INSERT INTO {modules} VALUES (8,1,'slideshow',2,8); +INSERT INTO {modules} VALUES (9,1,'tag',2,9); DROP TABLE IF EXISTS {outgoing_translations}; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; 
@@ -350,18 +349,6 @@ CREATE TABLE {themes} ( /*!40101 SET character_set_client = @saved_cs_client */; INSERT INTO {themes} VALUES (1,'wind',1); INSERT INTO {themes} VALUES (2,'admin_wind',1); -DROP TABLE IF EXISTS {user_access_keys}; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE {user_access_keys} ( - `id` int(9) NOT NULL AUTO_INCREMENT, - `user_id` int(9) NOT NULL, - `access_key` char(32) NOT NULL, - PRIMARY KEY (`id`), - UNIQUE KEY `access_key` (`access_key`), - UNIQUE KEY `user_id` (`user_id`) -) DEFAULT CHARSET=utf8; -/*!40101 SET character_set_client = @saved_cs_client */; DROP TABLE IF EXISTS {users}; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; @@ -395,7 +382,7 @@ CREATE TABLE {vars} ( `value` text, PRIMARY KEY (`id`), UNIQUE KEY `module_name` (`module_name`,`name`) -) AUTO_INCREMENT=35 DEFAULT CHARSET=utf8; +) AUTO_INCREMENT=39 DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; INSERT INTO {vars} VALUES (NULL,'gallery','active_site_theme','wind'); INSERT INTO {vars} VALUES (NULL,'gallery','active_admin_theme','admin_wind'); @@ -429,5 +416,9 @@ INSERT INTO {vars} VALUES (NULL,'gallery','identity_provider','user'); INSERT INTO {vars} VALUES (NULL,'user','mininum_password_length','5'); INSERT INTO {vars} VALUES (NULL,'comment','spam_caught','0'); INSERT INTO {vars} VALUES (NULL,'comment','access_permissions','everybody'); -INSERT INTO {vars} VALUES (NULL,'rest','allow_guest_access','0'); +INSERT INTO {vars} VALUES (NULL,'info','show_title','1'); +INSERT INTO {vars} VALUES (NULL,'info','show_description','1'); +INSERT INTO {vars} VALUES (NULL,'info','show_owner','1'); +INSERT INTO {vars} VALUES (NULL,'info','show_name','1'); +INSERT INTO {vars} VALUES (NULL,'info','show_captured','1'); INSERT INTO {vars} VALUES (NULL,'slideshow','max_scale','0'); 
diff --git a/modules/gallery/controllers/packager.php b/modules/gallery/controllers/packager.php index bd51b93c..9da34f9c 100644 --- a/modules/gallery/controllers/packager.php +++ b/modules/gallery/controllers/packager.php @@ -59,7 +59,7 @@ class Packager_Controller extends Controller { // numbers, keeping our install.sql file more stable. srand(0); - foreach (array("gallery", "user", "comment", "organize", "info", "rest", + foreach (array("gallery", "user", "comment", "organize", "info", "rss", "search", "slideshow", "tag") as $module_name) { module::install($module_name); module::activate($module_name); -- cgit v1.2.3 From 07acd2b750db4a8f77015474254cb1d9f8307d25 Mon Sep 17 00:00:00 2001 From: Joe7 Date: Thu, 6 Jan 2011 06:57:55 +0100 Subject: Set video player to keep the aspect ratio of the video when playing in fullscreen Fixes ticket #1154 - credit goes to floridave --- modules/gallery/views/movieplayer.html.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'modules/gallery') diff --git a/modules/gallery/views/movieplayer.html.php b/modules/gallery/views/movieplayer.html.php index 2e79b620..5c280a36 100644 --- a/modules/gallery/views/movieplayer.html.php +++ b/modules/gallery/views/movieplayer.html.php @@ -9,6 +9,9 @@ provider: "pseudostreaming" }, { + clip: { + scaling: 'fit' + }, plugins: { pseudostreaming: { url: "" -- cgit v1.2.3 From 3ec0ba956dced01a97f2ee7bd943d326c42350e3 Mon Sep 17 00:00:00 2001 From: Joe7 Date: Sat, 8 Jan 2011 19:39:23 +0100 Subject: Refactored graphics::detect_toolkits() so ImageMagick and GraphicsMagick shares the same loop. Just as premarked as todo. Will make https://sourceforge.net/apps/trac/gallery/ticket/1555#comment:3 an even quicker task --- modules/gallery/helpers/graphics.php | 76 ++++++++++++++---------------------- 1 file changed, 29 insertions(+), 47 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index edba6b76..cb48ce82 100644 
--- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php 
@@ -318,55 +318,37 @@ class graphics_Core { getenv("PATH"), module::get_var("gallery", "extra_binary_paths"))); - // @todo: consider refactoring the two segments below into a loop since they are so - // similar. - - // ImageMagick - $path = exec("which convert"); - $toolkits->imagemagick->name = "ImageMagick"; - if ($path) { - if (@is_file($path)) { - preg_match('/Version: \S+ (\S+)/', `convert -v`, $matches); - $version = $matches[1]; - - $toolkits->imagemagick->installed = true; - $toolkits->imagemagick->version = $version; - $toolkits->imagemagick->binary = $path; - $toolkits->imagemagick->dir = dirname($path); - $toolkits->imagemagick->rotate = true; - $toolkits->imagemagick->sharpen = true; - } else { - $toolkits->imagemagick->installed = false; - $toolkits->imagemagick->error = - t("ImageMagick is installed, but PHP's open_basedir restriction prevents Gallery from using it."); - } - } else { - $toolkits->imagemagick->installed = false; - $toolkits->imagemagick->error = t("We could not locate ImageMagick on your system."); - } - - // GraphicsMagick - $path = exec("which gm"); - $toolkits->graphicsmagick->name = "GraphicsMagick"; - if ($path) { - if (@is_file($path)) { - preg_match('/\S+ (\S+)/', `gm version`, $matches); - $version = $matches[1]; - - $toolkits->graphicsmagick->installed = true; - $toolkits->graphicsmagick->version = $version; - $toolkits->graphicsmagick->binary = $path; - $toolkits->graphicsmagick->dir = dirname($path); - $toolkits->graphicsmagick->rotate = true; - $toolkits->graphicsmagick->sharpen = true; + // ImageMagick & GraphicsMagick + $magick_kits = array( + "imagemagick" => array( + "name" => "ImageMagick", "binary" => "convert", "version" => "convert -v"), + "graphicsmagick" => array( + "name" => "GraphicsMagick", "binary" => "gm", "version" => "gm version")); + // Loop through the kits + foreach ( $magick_kits as $index => $settings ) { + $path = exec("which " . 
$settings["binary"]); + $toolkits->$index->name = $settings["name"]; + if ($path) { + if (@is_file($path)) { + preg_match('/Version: \S+ (\S+)/', shell_exec($settings["version"]), $matches); + $version = $matches[1]; + + $toolkits->$index->installed = true; + $toolkits->$index->version = $version; + $toolkits->$index->binary = $path; + $toolkits->$index->dir = dirname($path); + $toolkits->$index->rotate = true; + $toolkits->$index->sharpen = true; + } else { + $toolkits->$index->installed = false; + $toolkits->$index->error = + t($settings["name"] . " is installed, but PHP's open_basedir restriction prevents Gallery from using it."); + } } else { - $toolkits->graphicsmagick->installed = false; - $toolkits->graphicsmagick->error = - t("GraphicsMagick is installed, but PHP's open_basedir restriction prevents Gallery from using it."); + $toolkits->$index->installed = false; + $toolkits->$index->error = + t("We could not locate " . $settings["name"] . " on your system."); } - } else { - $toolkits->graphicsmagick->installed = false; - $toolkits->graphicsmagick->error = t("We could not locate GraphicsMagick on your system."); } } -- cgit v1.2.3 From 7dd63630d8f7fc46847388c307ecf160a729aafb Mon Sep 17 00:00:00 2001 From: Joe7 Date: Sat, 8 Jan 2011 19:44:46 +0100 Subject: Minor coding style fix --- modules/gallery/helpers/graphics.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index cb48ce82..96a6ceba 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php 
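Review bot: Inside the new loop the version pattern `'/Version: \S+ (\S+)/'` is applied to both toolkits, but the removed GraphicsMagick branch parsed `gm version` with `'/\S+ (\S+)/'`. If that output carries no `Version:` prefix, `preg_match()` finds nothing and `$matches[1]` is read while undefined. Carry the pattern in `$magick_kits` (for example a `"version_regex"` entry per kit) and assign `$version` only when `preg_match()` returns 1. The strings passed to `exec("which " . $settings["binary"])` and `shell_exec($settings["version"])` are constants from that table today; if it ever takes configured values, each argument should go through `escapeshellarg()`. The enclosing function starts and ends outside the hunk.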
@@ -325,7 +325,7 @@ class graphics_Core { "graphicsmagick" => array( "name" => "GraphicsMagick", "binary" => "gm", "version" => "gm version")); // Loop through the kits - foreach ( $magick_kits as $index => $settings ) { + foreach ($magick_kits as $index => $settings) { $path = exec("which " . $settings["binary"]); $toolkits->$index->name = $settings["name"]; if ($path) { -- cgit v1.2.3 From e1e1e860cd1b19ebef491f0c0f82a3cd18e63721 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 8 Jan 2011 16:51:25 -0800 Subject: Use the code version when installing a module that has no installer, instead of hardcoding version 1. Fixes #1589. --- installer/install.sql | 2 +- modules/gallery/helpers/module.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/gallery') diff --git a/installer/install.sql b/installer/install.sql index 09fabc7d..0ed7f2f3 100644 --- a/installer/install.sql +++ b/installer/install.sql @@ -247,7 +247,7 @@ CREATE TABLE {modules} ( INSERT INTO {modules} VALUES (1,1,'gallery',43,1); INSERT INTO {modules} VALUES (2,1,'user',3,2); INSERT INTO {modules} VALUES (3,1,'comment',3,3); -INSERT INTO {modules} VALUES (4,1,'organize',1,4); +INSERT INTO {modules} VALUES (4,1,'organize',3,4); INSERT INTO {modules} VALUES (5,1,'info',2,5); INSERT INTO {modules} VALUES (6,1,'rss',1,6); INSERT INTO {modules} VALUES (7,1,'search',1,7); diff --git a/modules/gallery/helpers/module.php b/modules/gallery/helpers/module.php index 7c5578af..6efe6162 100644 --- a/modules/gallery/helpers/module.php +++ b/modules/gallery/helpers/module.php @@ -168,7 +168,7 @@ class module_Core { if (method_exists($installer_class, "install")) { call_user_func_array(array($installer_class, "install"), array()); } else { - module::set_version($module_name, 1); + module::set_version($module_name, module::available()->$module_name->code_version); } // Set the weight of the new module, which controls the order in which the modules are -- cgit v1.2.3 
From 92f66058d30a04681a01b886bdc652a70652cbfa Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 8 Jan 2011 16:58:52 -0800 Subject: Revert "Warn admins after login if their PHP install has the" This reverts commit 612ddd7050889974fc1f7e449e715b4c1129c0bb. --- modules/gallery/helpers/gallery_event.php | 4 ---- 1 file changed, 4 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 689e21d1..13a0bdb4 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -178,10 +178,6 @@ class gallery_event_Core { } Session::instance()->set("active_auth_timestamp", time()); auth::clear_failed_attempts($user); - - if ($user->admin && ini_get("session.use_trans_sid")) { - message::info(t("PHP is configured with session.use_trans_sid enabled which will cause random logouts. Please disable this setting.", array("url" => "http://www.php.net/manual/en/session.configuration.php#ini.session.use-trans-sid"))); - } } static function user_auth_failed($name) { -- cgit v1.2.3 From eecb24429115b5f1883971befe0de18ac718fc2a Mon Sep 17 00:00:00 2001 From: Joe7 Date: Sun, 9 Jan 2011 02:06:35 +0100 Subject: Made t() calls parsable by localization scanner --- modules/gallery/helpers/graphics.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index 96a6ceba..a30699e8 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php 
@@ -342,12 +342,14 @@ class graphics_Core { } else { $toolkits->$index->installed = false; $toolkits->$index->error = - t($settings["name"] . " is installed, but PHP's open_basedir restriction prevents Gallery from using it."); + t("%toolkit_name is installed, but PHP's open_basedir restriction prevents Gallery from using it.", + array("toolkit_name" => $settings["name"])); } } else { $toolkits->$index->installed = false; $toolkits->$index->error = - t("We could not locate " . $settings["name"] . " on your system."); + t("We could not locate %toolkit_name on your system.", + array("toolkit_name" => $settings["name"])); } } } -- cgit v1.2.3 From 713bd4eb6a9bc91a244680828ce881ee8ea5f836 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 8 Jan 2011 18:10:43 -0800 Subject: Improve gallery::find_file() to do a better job of detecting the modules/themes directories. Fixes #1590. --- modules/gallery/helpers/gallery.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php index 69aabc4f..282289b5 100644 --- a/modules/gallery/helpers/gallery.php +++ b/modules/gallery/helpers/gallery.php @@ -153,8 +153,15 @@ class gallery_Core { if (is_string($file_name)) { // make relative to DOCROOT $parts = explode("/", $file_name); + $count = count($parts); foreach ($parts as $idx => $part) { - if (in_array($part, array("application", "modules", "themes", "lib"))) { + // If this part is "modules" or "themes" make sure that the part 2 after this + // is the target directory, and if it is then we're done. This check makes + // sure that if Gallery is installed in a directory called "modules" or "themes" + // We don't parse the directory structure incorrectly. + if (in_array($part, array("modules", "themes")) && + $idx + 2 < $count && + $parts[$idx + 2] == $directory) { break; } unset($parts[$idx]); -- cgit v1.2.3 
From 0d7e951aa5f7329edb25e821de95051668789bcd Mon Sep 17 00:00:00 2001 From: Jérémy Subtil Date: Sat, 8 Jan 2011 22:57:09 +0100 Subject: Moved item_Model::get_position() method to the Item helper. It now calls the viewable() method on every query. --- modules/gallery/helpers/item.php | 85 ++++++++++++++++++++++++++++++++++++++++ modules/gallery/models/item.php | 79 ++----------------------------------- 2 files changed, 89 insertions(+), 75 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index 29dd8603..a2d5f74d 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php 
@@ -304,4 +304,89 @@ class item_Core { ->where("rand_key", "<", random::percent()) ->order_by("rand_key", "DESC"); } + + /** + * Find the position of the given item in its parent album. The resulting + * value is 1-indexed, so the first child in the album is at position 1. + */ + static function get_position($item, $where=array()) { + $album = $item->parent(); + + if (!strcasecmp($album->sort_order, "DESC")) { + $comp = ">"; + } else { + $comp = "<"; + } + $query_model = ORM::factory("item"); + + // If the comparison column has NULLs in it, we can't use comparators on it + // and will have to deal with it the hard way. + $count = $query_model->viewable() + ->where("parent_id", "=", $album->id) + ->where($album->sort_column, "IS", null) + ->merge_where($where) + ->count_all(); + + if (empty($count)) { + // There are no NULLs in the sort column, so we can just use it directly. + $sort_column = $album->sort_column; + + $position = $query_model->viewable() + ->where("parent_id", "=", $album->id) + ->where($sort_column, $comp, $item->$sort_column) + ->merge_where($where) + ->count_all(); + + // We stopped short of our target value in the sort (notice that we're + // using a < comparator above) because it's possible that we have + // duplicate values in the sort column. An equality check would just + // arbitrarily pick one of those multiple possible equivalent columns, + // which would mean that if you choose a sort order that has duplicates, + // it'd pick any one of them as the child's "position". + // + // Fix this by doing a 2nd query where we iterate over the equivalent + // columns and add them to our base value. 
+ foreach ($query_model->viewable() + ->select("id") + ->where("parent_id", "=", $album->id) + ->where($sort_column, "=", $item->$sort_column) + ->merge_where($where) + ->order_by(array("id" => "ASC")) + ->find_all() as $row) { + $position++; + if ($row->id == $item->id) { + break; + } + } + } else { + // There are NULLs in the sort column, so we can't use MySQL comparators. + // Fall back to iterating over every child row to get to the current one. + // This can be wildly inefficient for really large albums, but it should + // be a rare case that the user is sorting an album with null values in + // the sort column. + // + // Reproduce the children() functionality here using Database directly to + // avoid loading the whole ORM for each row. + $order_by = array($album->sort_column => $album->sort_order); + // Use id as a tie breaker + if ($album->sort_column != "id") { + $order_by["id"] = "ASC"; + } + + $position = 0; + foreach ($query_model->viewable() + ->select("id") + ->where("parent_id", "=", $album->id) + ->merge_where($where) + ->order_by($order_by) + ->find_all() as $row) { + $position++; + if ($row->id == $item->id) { + break; + } + } + } + + return $position; + } } \ No newline at end of file diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 88a444b4..47b062b8 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php 
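Review bot: The docblock on `item::get_position()` does not say that the result now counts only items the active user may view, which is the behaviour callers depend on after this move. Add `@param Item_Model $item`, `@param array $where` and `@return int`, plus a line such as `Only siblings viewable by the active user are counted; pair this with a viewable() sibling count.` All three queries reuse one `$query_model`, which presumably relies on the ORM clearing its query state after `count_all()` and `find_all()`. That is worth confirming, because a leftover condition would skew the position.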
@@ -546,83 +546,12 @@ class Item_Model_Core extends ORM_MPTT { /** * Find the position of the given child id in this album. The resulting value is 1-indexed, so * the first child in the album is at position 1. + * + * This method stands as a backward compatibility for gallery 3.0, and will + * be deprecated in version 3.1. */ public function get_position($child, $where=array()) { - if (!strcasecmp($this->sort_order, "DESC")) { - $comp = ">"; - } else { - $comp = "<"; - } - $db = db::build(); - - // If the comparison column has NULLs in it, we can't use comparators on it and will have to - // deal with it the hard way. - $count = $db->from("items") - ->where("parent_id", "=", $this->id) - ->where($this->sort_column, "IS", null) - ->merge_where($where) - ->count_records(); - - if (empty($count)) { - // There are no NULLs in the sort column, so we can just use it directly. - $sort_column = $this->sort_column; - - $position = $db->from("items") - ->where("parent_id", "=", $this->id) - ->where($sort_column, $comp, $child->$sort_column) - ->merge_where($where) - ->count_records(); - - // We stopped short of our target value in the sort (notice that we're using a < comparator - // above) because it's possible that we have duplicate values in the sort column. An - // equality check would just arbitrarily pick one of those multiple possible equivalent - // columns, which would mean that if you choose a sort order that has duplicates, it'd pick - // any one of them as the child's "position". - // - // Fix this by doing a 2nd query where we iterate over the equivalent columns and add them to - // our base value. 
- foreach ($db - ->select("id") - ->from("items") - ->where("parent_id", "=", $this->id) - ->where($sort_column, "=", $child->$sort_column) - ->merge_where($where) - ->order_by(array("id" => "ASC")) - ->execute() as $row) { - $position++; - if ($row->id == $child->id) { - break; - } - } - } else { - // There are NULLs in the sort column, so we can't use MySQL comparators. Fall back to - // iterating over every child row to get to the current one. This can be wildly inefficient - // for really large albums, but it should be a rare case that the user is sorting an album - // with null values in the sort column. - // - // Reproduce the children() functionality here using Database directly to avoid loading the - // whole ORM for each row. - $order_by = array($this->sort_column => $this->sort_order); - // Use id as a tie breaker - if ($this->sort_column != "id") { - $order_by["id"] = "ASC"; - } - - $position = 0; - foreach ($db->select("id") - ->from("items") - ->where("parent_id", "=", $this->id) - ->merge_where($where) - ->order_by($order_by) - ->execute() as $row) { - $position++; - if ($row->id == $child->id) { - break; - } - } - } - - return $position; + return item::get_position($child, $where); } /** -- cgit v1.2.3 From 24c0b69847d4144c29e557fa654c30247e628a9c Mon Sep 17 00:00:00 2001 From: Jérémy Subtil Date: Sun, 9 Jan 2011 00:22:46 +0100 Subject: Fixed item controllers so that any item position is computed correctly, when some other items belonging to the same parent album are not viewable. Changed depracated calls to item_Model::get_position() to item::get_position(). --- modules/gallery/controllers/albums.php | 2 +- modules/gallery/controllers/movies.php | 4 ++-- modules/gallery/controllers/photos.php | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index 25df0da7..3435465c 100644 --- a/modules/gallery/controllers/albums.php 
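Review bot: The compatibility wrapper no longer uses `$this`: `item::get_position($child, $where)` takes the album from `$child->parent()`, where the removed body counted rows under `$this->id`. A call on an album that is not the child's parent therefore now returns a position inside a different album. The new docblock should say so, for example `* Note: the position is computed in $child's own parent album; $this is ignored.`, or the wrapper should guard the mismatch with `if ($child->parent_id != $this->id) { return 0; }`. The `albums.php` hunk in the following commit makes the same switch for a `$child` loaded from `$show`; whether `$show` is checked against `$album` before that call is not visible in that hunk.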
+++ b/modules/gallery/controllers/albums.php @@ -37,7 +37,7 @@ class Albums_Controller extends Items_Controller { if ($show) { $child = ORM::factory("item", $show); - $index = $album->get_position($child); + $index = item::get_position($child); if ($index) { $page = ceil($index / $page_size); if ($page == 1) { diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index bf50abd5..7c85dd98 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php @@ -28,10 +28,10 @@ class Movies_Controller extends Items_Controller { access::required("view", $movie); $where = array(array("type", "!=", "album")); - $position = $movie->parent()->get_position($movie, $where); + $position = item::get_position($movie, $where); if ($position > 1) { list ($previous_item, $ignore, $next_item) = - $movie->parent()->children(3, $position - 2, $where); + $movie->parent()->viewable()->children(3, $position - 2, $where); } else { $previous_item = null; list ($next_item) = $movie->parent()->viewable()->children(1, $position, $where); diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index d500a92e..4578747d 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -28,10 +28,10 @@ class Photos_Controller extends Items_Controller { access::required("view", $photo); $where = array(array("type", "!=", "album")); - $position = $photo->parent()->get_position($photo, $where); + $position = item::get_position($photo, $where); if ($position > 1) { list ($previous_item, $ignore, $next_item) = - $photo->parent()->children(3, $position - 2, $where); + $photo->parent()->viewable()->children(3, $position - 2, $where); } else { $previous_item = null; list ($next_item) = $photo->parent()->viewable()->children(1, $position, $where); -- cgit v1.2.3 From bd6bd029a7c2e0247d4da931c49f3731498cd303 Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Mon, 10 Jan 2011 14:04:15 -0800 Subject: Fix up the version detecting regex for GraphicsMagick and don't crash if the regex doesn't return properly. Follow on to 3ec0ba956dced01a97f2ee7bd943d326c42350e3 for ticket #1595. --- modules/gallery/helpers/graphics.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index a30699e8..29527705 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -321,16 +321,18 @@ class graphics_Core { // ImageMagick & GraphicsMagick $magick_kits = array( "imagemagick" => array( - "name" => "ImageMagick", "binary" => "convert", "version" => "convert -v"), + "name" => "ImageMagick", "binary" => "convert", "version" => "convert -v", + "version_regex" => "/Version: \S+ (\S+)/"), "graphicsmagick" => array( - "name" => "GraphicsMagick", "binary" => "gm", "version" => "gm version")); + "name" => "GraphicsMagick", "binary" => "gm", "version" => "gm version", + "version_regex" => "/\S+ (\S+)/")); // Loop through the kits foreach ($magick_kits as $index => $settings) { $path = exec("which " . $settings["binary"]); $toolkits->$index->name = $settings["name"]; if ($path) { - if (@is_file($path)) { - preg_match('/Version: \S+ (\S+)/', shell_exec($settings["version"]), $matches); + if (@is_file($path) && + preg_match($settings["version_regex"], shell_exec($settings["version"]), $matches)) { $version = $matches[1]; $toolkits->$index->installed = true; -- cgit v1.2.3 From d557b2a63e2ea424965fb53be9f6b76ad3f18015 Mon Sep 17 00:00:00 2001 
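Review bot: The GraphicsMagick `version_regex` of `/\S+ (\S+)/` is unanchored and accepts the first two whitespace-separated tokens of whatever the command prints, so any other program named `gm` on the PATH that writes two words to stdout would be recorded as an installed toolkit with a bogus version. Anchoring it to the expected banner, `"version_regex" => "/^GraphicsMagick (\S+)/"`, keeps the "don't crash" behaviour while rejecting unrelated output. The ImageMagick pattern could take a leading `^` for the same reason. The `else` branch that reports the failure lies outside this hunk.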
From: Bharat Mediratta Date: Mon, 10 Jan 2011 14:50:30 -0800 Subject: Allow File_Proxy_Controller to run in private gallery mode since it does all the right permission checks. This prevents a hotlink to a private photo in a private gallery from kicking the user out to a login page. Fixes #1594. --- modules/gallery/controllers/file_proxy.php | 1 + 1 file changed, 1 insertion(+) (limited to 'modules/gallery') diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index 22854fbd..c6051dfd 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php @@ -27,6 +27,7 @@ * input is sanitized against the database before we perform any file I/O. */ class File_Proxy_Controller extends Controller { + const ALLOW_PRIVATE_GALLERY = true; public function __call($function, $args) { // request_uri: gallery3/var/trunk/albums/foo/bar.jpg $request_uri = rawurldecode(Input::instance()->server("REQUEST_URI")); -- cgit v1.2.3 From 23eaec7063b81d4dae04ec3f5c311a0a2f228a05 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 10 Jan 2011 15:49:15 -0800 Subject: Stop using "which" to find binaries. Create system::find_binary() which traverses the $PATH and returns any executable binary of the appropriate name that it can find. Fixes #1555. --- modules/gallery/helpers/graphics.php | 8 ++----- modules/gallery/helpers/movie.php | 14 +++++------- modules/gallery/helpers/system.php | 43 ++++++++++++++++++++++++++++++++++++ 3 files changed, 50 insertions(+), 15 deletions(-) create mode 100644 modules/gallery/helpers/system.php (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index 29527705..18820ed7 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php 
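Review bot: `const ALLOW_PRIVATE_GALLERY = true;` removes the private-gallery login gate for this controller, so from here on the per-item permission checks inside `__call()` are the only thing between an anonymous request and a file under var/. That deserves a comment on the constant itself, e.g. `// Bypasses the private-gallery login redirect: every path through __call() must do its own access check before any file I/O.` A regression test that requests a non-viewable item anonymously in private mode and expects a 404 would pin the guarantee. The body of `__call()` continues outside this hunk, so the checks themselves cannot be confirmed from here.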
@@ -313,11 +313,6 @@ class graphics_Core { $toolkits->graphicsmagick->installed = false; $toolkits->graphicsmagick->error = t("GraphicsMagick requires the exec function"); } else { - gallery::set_path_env( - array(module::get_var("gallery", "graphics_toolkit_path"), - getenv("PATH"), - module::get_var("gallery", "extra_binary_paths"))); - // ImageMagick & GraphicsMagick $magick_kits = array( "imagemagick" => array( @@ -328,7 +323,8 @@ class graphics_Core { "version_regex" => "/\S+ (\S+)/")); // Loop through the kits foreach ($magick_kits as $index => $settings) { - $path = exec("which " . $settings["binary"]); + $path = system::find_binary( + $settings["binary"], module::get_var("gallery", "graphics_toolkit_path")); $toolkits->$index->name = $settings["name"]; if ($path) { if (@is_file($path) && diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php index 0895c5f4..dd0b437e 100644 --- a/modules/gallery/helpers/movie.php +++ b/modules/gallery/helpers/movie.php @@ -83,22 +83,18 @@ class movie_Core { } } + /** + * Return the path to the ffmpeg binary if one exists and is executable, or null. + */ static function find_ffmpeg() { if (!($ffmpeg_path = module::get_var("gallery", "ffmpeg_path")) || !file_exists($ffmpeg_path)) { - gallery::set_path_env( - array(module::get_var("gallery", "graphics_toolkit_path"), - getenv("PATH"), - module::get_var("gallery", "extra_binary_paths"))); - if (function_exists("exec")) { - $ffmpeg_path = exec("which ffmpeg"); - } - + $ffmpeg_path = system::find_binary( + "ffmpeg", module::get_var("gallery", "graphics_toolkit_path")); module::set_var("gallery", "ffmpeg_path", $ffmpeg_path); } return $ffmpeg_path; } - /** * Return the width, height, mime_type and extension of the given movie file. */ diff --git a/modules/gallery/helpers/system.php b/modules/gallery/helpers/system.php new file mode 100644 index 00000000..4a6a3c0f --- /dev/null +++ b/modules/gallery/helpers/system.php 
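Review bot: `$path` now comes from `system::find_binary()`, but the version probe shown in the previous commit's hunk for this file still hands the bare command string `$settings["version"]` to `shell_exec()`, and this commit also drops the `gallery::set_path_env()` call that put `graphics_toolkit_path` on the PATH. The file that passes `is_file($path)` and the program the shell actually runs can therefore differ, or the probe can fail for a binary that exists only in the configured toolkit directory. I would run the resolved path, e.g. `shell_exec(escapeshellarg($path) . " " . $settings["version_args"])` with a new `version_args` entry (`"-v"` and `"version"`) in place of the full command strings. Whether `find_binary()` adjusts the environment itself is not visible, since the body of `system.php` is missing from this page.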
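Review bot: The new docblock on `find_ffmpeg()` promises a path that "exists and is executable", but the cached `ffmpeg_path` value is only tested with `file_exists()`, which is also true for a directory or a non-executable file. Changing the guard to `!is_executable($ffmpeg_path)` would make the code match the comment. The lookup result is also written back with `module::set_var()` when nothing was found; skipping the write in that case avoids persisting an empty value. The commit also removes the blank line between the closing brace and the next docblock, which looks unintentional.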
@@ -0,0 +1,43 @@ + Date: Mon, 10 Jan 2011 22:20:12 -0800 Subject: Create new APIs for allowing themers to control what CSS/JS get combined and when. Backwards compatible in that old themes will work, but their CSS/JS will no longer be combined unless they make some changes. Fixes #1600. --- modules/gallery/libraries/Admin_View.php | 5 --- modules/gallery/libraries/Gallery_View.php | 61 +++++++++++++++++++++--------- modules/gallery/libraries/Theme_View.php | 14 ------- themes/admin_wind/views/admin.html.php | 38 ++++++++++++------- themes/wind/views/page.html.php | 49 +++++++++++++++--------- 5 files changed, 99 insertions(+), 68 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/libraries/Admin_View.php b/modules/gallery/libraries/Admin_View.php index 28a003cc..1a633a34 100644 --- a/modules/gallery/libraries/Admin_View.php +++ b/modules/gallery/libraries/Admin_View.php @@ -96,11 +96,6 @@ class Admin_View_Core extends Gallery_View { } } - if ($function == "admin_head") { - array_unshift($blocks, $this->combine_files($this->scripts, "javascript")); - array_unshift($blocks, $this->combine_files($this->css, "css")); - } - if (Session::instance()->get("debug")) { if ($function != "admin_head") { array_unshift( diff --git a/modules/gallery/libraries/Gallery_View.php b/modules/gallery/libraries/Gallery_View.php index b45bb94a..8befda95 100644 --- a/modules/gallery/libraries/Gallery_View.php +++ b/modules/gallery/libraries/Gallery_View.php 
@@ -19,18 +19,35 @@ */ class Gallery_View_Core extends View { protected $theme_name = null; - protected $scripts = array(); - protected $css = array(); + protected $combine_queue = array(); /** - * Add a script to the combined scripts list. + * Begin gather up scripts or css files so that they can be combined into a single request. + * + * @param $types a comma separated list of types to combine, eg "script,css" + */ + public function start_combining($types) { + foreach (explode(",", $types) as $type) { + $this->combine_queue[$type] = array(); + } + } + + /** + * If script combining is enabled, add this script to the list of scripts that will be + * combined into a single script element. When combined, the order of scripts is preserved. + * * @param $file the file name or path of the script to include. If a path is specified then * it needs to be relative to DOCROOT. Just specifying a file name will result * in searching Kohana's cascading file system. + * @param $group the group of scripts to combine this with. defaults to "core" */ - public function script($file) { + public function script($file, $group="core") { if (($path = gallery::find_file("js", $file, false))) { - $this->scripts[$path] = 1; + if (isset($this->combine_queue["script"])) { + $this->combine_queue["script"][$group][$path] = 1; + } else { + return html::script($path); + } } else { Kohana_Log::add("error", "Can't find script file: $file"); } 
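Review bot: `start_combining()` splits `$types` with `explode(",", $types)` and uses each piece as a queue key without trimming, so a theme that writes `start_combining("script, css")` creates a `" css"` key and CSS combining stays off with no error. Trimming in the loop, `foreach (array_map("trim", explode(",", $types)) as $type) {`, avoids that, and logging any type other than `script` or `css` would surface typos. The docblock for `script()` should also state that the method returns markup only when combining is off and returns nothing otherwise, since callers are now expected to echo the result.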
@@ -46,14 +63,22 @@ class Gallery_View_Core extends View { } /** - * Add a css file to the combined css list. - * @param $file the file name or path of the script to include. If a path is specified then + * If css combining is enabled, add this css to the list of css that will be + * combined into a single style element. When combined, the order of style elements + * is preserved. + * + * @param $file the file name or path of the css to include. If a path is specified then * it needs to be relative to DOCROOT. Just specifying a file name will result * in searching Kohana's cascading file system. + * @param $group the group of css to combine this with. defaults to "core" */ - public function css($file) { + public function css($file, $group="core") { if (($path = gallery::find_file("css", $file, false))) { - $this->css[$path] = 1; + if (isset($this->combine_queue["css"])) { + $this->combine_queue["css"][$group][$path] = 1; + } else { + return html::stylesheet($path); + } } else { Kohana_Log::add("error", "Can't find css file: $file"); } @@ -61,11 +86,13 @@ class Gallery_View_Core extends View { /** * Combine a series of files into a single one and cache it in the database. + * @param $type the data type (script or css) + * @param $group the group of scripts or css we want */ - protected function combine_files($paths, $type) { + public function get_combined($type, $group="core") { $links = array(); - if (empty($paths)) { + if (empty($this->combine_queue[$type][$group])) { return; } @@ -73,7 +100,7 @@ class Gallery_View_Core extends View { // entries. $key = array(url::abs_file("")); - foreach (array_keys($paths) as $path) { + foreach (array_keys($this->combine_queue[$type][$group]) as $path) { $stats = stat($path); // 7 == size, 9 == mtime, see http://php.net/stat $key[] = "$path $stats[7] $stats[9]"; 
@@ -85,7 +112,7 @@ class Gallery_View_Core extends View { if (empty($contents)) { $contents = ""; - foreach (array_keys($paths) as $path) { + foreach (array_keys($this->combine_queue[$type][$group]) as $path) { if ($type == "css") { $contents .= "/* $path */\n" . $this->process_css($path) . "\n"; } else { @@ -103,12 +130,12 @@ class Gallery_View_Core extends View { } } + unset($this->combine_queue[$type][$group]); + if ($type == "css") { - return "\n" . - html::stylesheet("combined/css/$key", "screen,print,projection", true); + return html::stylesheet("combined/css/$key", "screen,print,projection", true); } else { - return "\n" . - html::script("combined/javascript/$key", true); + return html::script("combined/javascript/$key", true); } } diff --git a/modules/gallery/libraries/Theme_View.php b/modules/gallery/libraries/Theme_View.php index ba1862c0..04784ca1 100644 --- a/modules/gallery/libraries/Theme_View.php +++ b/modules/gallery/libraries/Theme_View.php @@ -236,13 +236,6 @@ class Theme_View_Core extends Gallery_View { case "thumb_bottom": case "thumb_info": case "thumb_top": - if ($function == "head") { - // Stash any CSS we have already; that came from the theme and we want theme CSS to - // override module CSs - $save_css = $this->css; - $this->css = array(); - } - $blocks = array(); if (method_exists("gallery_theme", $function)) { switch (count($args)) { @@ -281,13 +274,6 @@ class Theme_View_Core extends Gallery_View { array_merge(array($this), $args)); } - if ($function == "head") { - // Merge the theme CSS/JS at the end - $this->css = array_merge($this->css, $save_css); - array_unshift($blocks, $this->combine_files($this->scripts, "javascript")); - array_unshift($blocks, $this->combine_files($this->css, "css")); - } - if (Session::instance()->get("debug")) { if ($function != "head" && $function != "body_attributes") { array_unshift( diff --git a/themes/admin_wind/views/admin.html.php b/themes/admin_wind/views/admin.html.php index c8041069..54b30c6f 100644 
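Review bot: After `unset($this->combine_queue[$type][$group]);` the `$type` key is still set, so a `script()` or `css()` call made later in the same request is queued again and is never written to the page unless the theme calls `get_combined()` a second time. Nothing warns the theme or module author when that happens. The `get_combined()` docblock should spell out the ordering contract, e.g. `* Call this after the last script()/css() call for the group; anything queued afterwards is not emitted.` The method begins in an earlier hunk, and the code that builds `$key` is not shown on this page.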
--- a/themes/admin_wind/views/admin.html.php +++ b/themes/admin_wind/views/admin.html.php @@ -4,6 +4,7 @@ + start_combining("script,css") ?> <? if ($page_title): ?> <?= t("Gallery Admin: %page_title", array("page_title" => $page_title)) ?> @@ -11,8 +12,26 @@ <?= t("Admin dashboard") ?> <? endif ?> - " type="image/x-icon" /> + " + type="image/x-icon" /> + script("jquery.js") ?> + script("jquery.form.js") ?> + script("jquery-ui.js") ?> + script("gallery.common.js") ?> + + + script("gallery.ajax.js") ?> + script("gallery.dialog.js") ?> + script("superfish/js/superfish.js") ?> + + admin_head() ?> + + + script("ui.init.js") ?> css("yui/reset-fonts-grids.css") ?> css("themeroller/ui.base.css") ?> css("superfish/css/superfish.css") ?> @@ -22,20 +41,11 @@ media="screen,print,projection" /> - script("jquery.js") ?> - script("jquery.form.js") ?> - script("jquery-ui.js") ?> - script("gallery.common.js") ?> - - - script("gallery.ajax.js") ?> - script("gallery.dialog.js") ?> - script("superfish/js/superfish.js") ?> - script("ui.init.js") ?> + + get_combined("script") ?> - admin_head() ?> + + get_combined("css") ?> body_attributes() ?>> diff --git a/themes/wind/views/page.html.php b/themes/wind/views/page.html.php index 90f76bb5..441866d5 100644 --- a/themes/wind/views/page.html.php +++ b/themes/wind/views/page.html.php @@ -4,6 +4,7 @@ + start_combining("script,css") ?> <? if ($page_title): ?> <?= $page_title ?> @@ -17,28 +18,24 @@ <? endif ?> <? endif ?> - " type="image/x-icon" /> - css("yui/reset-fonts-grids.css") ?> - css("superfish/css/superfish.css") ?> - css("themeroller/ui.base.css") ?> - css("screen.css") ?> - + " + type="image/x-icon" /> + page_type == "collection"): ?> - + + script("json2-min.js") ?> script("jquery.js") ?> script("jquery.form.js") ?> 
@@ -52,9 +49,8 @@ script("gallery.dialog.js") ?> script("superfish/js/superfish.js") ?> script("jquery.localscroll.js") ?> - script("ui.init.js") ?> - head() they get combined */ ?> + page_subtype == "photo"): ?> script("jquery.scrollTo.js") ?> script("gallery.show_full_size.js") ?> @@ -63,6 +59,23 @@ head() ?> + + + script("ui.init.js") ?> + css("yui/reset-fonts-grids.css") ?> + css("superfish/css/superfish.css") ?> + css("themeroller/ui.base.css") ?> + css("screen.css") ?> + + + + get_combined("script") ?> + + + get_combined("css") ?> body_attributes() ?>> -- cgit v1.2.3 From 84e08a62838b0299a5daa7c9cac4be3eca6d0cb1 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 11 Jan 2011 01:04:10 -0800 Subject: Don't resize if the target size is the same as the original. Fixes #1602. --- modules/gallery/helpers/gallery_graphics.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/gallery_graphics.php b/modules/gallery/helpers/gallery_graphics.php index fca18076..4cd7143e 100644 --- a/modules/gallery/helpers/gallery_graphics.php +++ b/modules/gallery/helpers/gallery_graphics.php @@ -56,7 +56,7 @@ class gallery_graphics_Core { } $dims = getimagesize($input_file); - if (max($dims[0], $dims[1]) < min($options["width"], $options["height"])) { + if (max($dims[0], $dims[1]) <= min($options["width"], $options["height"])) { // Image would get upscaled; do nothing copy($input_file, $output_file); } else { -- cgit v1.2.3 From 7f6d87166df138073d85dd5201de8b9d19bc6cd2 Mon Sep 17 00:00:00 2001 From: Joe7 Date: Tue, 11 Jan 2011 23:16:05 +0100 Subject: Removed check as input value is compared against dataset of validated values, and request is only processed further in case of a match. => this is unnecessary --- modules/gallery/controllers/file_proxy.php | 5 ----- 1 file changed, 5 deletions(-) (limited to 'modules/gallery') 
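Review bot: In the `gallery_graphics.php` hunk, `getimagesize()` returns false for a file it cannot parse, and the changed comparison then reads `$dims[0]` and `$dims[1]` as null, which makes the `<=` test true and sends the input through `copy()` unchanged. A file that is not a valid image would in that case be published as a resize or thumbnail as-is. A guard before the comparison, `if ($dims === false) { throw new Exception("Unable to read image dimensions"); }`, closes that path. Whether the caller has already validated `$input_file` is not visible, because the function starts and ends outside the hunk.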
diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index 5ce9b458..47e1e483 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php @@ -44,11 +44,6 @@ class File_Proxy_Controller extends Controller { $file_uri = substr($request_uri, strlen($var_uri)); - // Make sure that we don't leave the var dir - if (strpos($file_uri, "/../") !== false) { - throw new Kohana_404_Exception(); - } - list ($type, $path) = explode("/", $file_uri, 2); if ($type != "resizes" && $type != "albums" && $type != "thumbs") { throw new Kohana_404_Exception(); -- cgit v1.2.3 From 049f2af1c982bb12fee6e5512e4830f63d06d343 Mon Sep 17 00:00:00 2001 From: Joe7 Date: Wed, 12 Jan 2011 00:05:11 +0100 Subject: Returning 2 flags from l10n_client::validate_api_key(), 1 to reflect if connection was built up properly (just a boolean, not distuingishing between reasons in case of a failure), the other to reflect API validating success status. Using this presenting a slightly more meaningfull error msg to user in case the connection would fail. Fixes Ticket #1504 --- modules/gallery/controllers/admin_languages.php | 11 +++++++---- modules/gallery/helpers/l10n_client.php | 8 ++++++-- 2 files changed, 13 insertions(+), 6 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/controllers/admin_languages.php b/modules/gallery/controllers/admin_languages.php index 573ededf..e9be2a88 100644 --- a/modules/gallery/controllers/admin_languages.php +++ b/modules/gallery/controllers/admin_languages.php 
@@ -74,9 +74,11 @@ class Admin_Languages_Controller extends Admin_Controller { private function _save_api_key($form) { $new_key = $form->sharing->api_key->value; - if ($new_key && !l10n_client::validate_api_key($new_key)) { - $form->sharing->api_key->add_error("invalid", 1); - $valid = false; + if ($new_key) { + list($connected, $valid) = l10n_client::validate_api_key($new_key); + if (!$valid) { + $form->sharing->api_key->add_error($connected ? "invalid" : "noconn", 1); + } } else { $valid = true; } @@ -119,7 +121,8 @@ class Admin_Languages_Controller extends Admin_Controller { array("server-link" => html::mark_clean(html::anchor($server_link)))) : t("API key")) ->value($api_key) - ->error_messages("invalid", t("The API key you provided is invalid.")); + ->error_messages("invalid", t("The API key you provided is invalid.")) + ->error_messages("noconn", t("Could not connect to remote server to validate the API key.")); $group->submit("save")->value(t("Save settings")); if ($api_key && $this->_outgoing_translations_count()) { // TODO: UI improvement: hide API key / save button when API key is set. diff --git a/modules/gallery/helpers/l10n_client.php b/modules/gallery/helpers/l10n_client.php index 8c2685a8..2af5c8d0 100644 --- a/modules/gallery/helpers/l10n_client.php +++ b/modules/gallery/helpers/l10n_client.php @@ -60,10 +60,14 @@ class l10n_client_Core { "client_token" => l10n_client::client_token(), "signature" => $signature, "uid" => l10n_client::server_uid($api_key))); + if (!isset($response_data) && !isset($response_status)) { + return array(false, false); + } + if (!remote::success($response_status)) { - return false; + return array(true, false); } - return true; + return array(true, true); } /** -- cgit v1.2.3 From 92db7f42181f6582763e7b5c56b18b989b061e21 Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Tue, 11 Jan 2011 15:23:20 -0800 Subject: Update some comments. --- modules/gallery/helpers/item.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index a2d5f74d..8aa14934 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -308,6 +308,9 @@ class item_Core { /** * Find the position of the given item in its parent album. The resulting * value is 1-indexed, so the first child in the album is at position 1. + * + * @param Item_Model $item + * @param array $where an array of arrays, each compatible with ORM::where() */ static function get_position($item, $where=array()) { $album = $item->parent(); @@ -338,14 +341,14 @@ class item_Core { ->count_all(); // We stopped short of our target value in the sort (notice that we're - // using a < comparator above) because it's possible that we have + // using a inequality comparator above) because it's possible that we have // duplicate values in the sort column. An equality check would just // arbitrarily pick one of those multiple possible equivalent columns, // which would mean that if you choose a sort order that has duplicates, // it'd pick any one of them as the child's "position". // // Fix this by doing a 2nd query where we iterate over the equivalent - // columns and add them to our base value. + // columns and add them to our position count. foreach ($query_model->viewable() ->select("id") ->where("parent_id", "=", $album->id) -- cgit v1.2.3 From ee53744aa73b06f262122b6236014618fe6d742c Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Tue, 11 Jan 2011 16:59:57 -0800 Subject: Two improvements to Joe's fix for #1504: 1) Trap all exceptions, eg dns or connectivity issues and report back in the form (but put the stack trace in the logs) 2) Rename "noconn" to "no_connection" --- modules/gallery/controllers/admin_languages.php | 5 +++-- modules/gallery/helpers/l10n_client.php | 15 ++++++++++----- 2 files changed, 13 insertions(+), 7 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/controllers/admin_languages.php b/modules/gallery/controllers/admin_languages.php index e9be2a88..f96a0eb7 100644 --- a/modules/gallery/controllers/admin_languages.php +++ b/modules/gallery/controllers/admin_languages.php @@ -77,7 +77,7 @@ class Admin_Languages_Controller extends Admin_Controller { if ($new_key) { list($connected, $valid) = l10n_client::validate_api_key($new_key); if (!$valid) { - $form->sharing->api_key->add_error($connected ? "invalid" : "noconn", 1); + $form->sharing->api_key->add_error($connected ? "invalid" : "no_connection", 1); } } else { $valid = true; @@ -122,7 +122,8 @@ class Admin_Languages_Controller extends Admin_Controller { : t("API key")) ->value($api_key) ->error_messages("invalid", t("The API key you provided is invalid.")) - ->error_messages("noconn", t("Could not connect to remote server to validate the API key.")); + ->error_messages( + "no_connection", t("Could not connect to remote server to validate the API key.")); $group->submit("save")->value(t("Save settings")); if ($api_key && $this->_outgoing_translations_count()) { // TODO: UI improvement: hide API key / save button when API key is set. diff --git a/modules/gallery/helpers/l10n_client.php b/modules/gallery/helpers/l10n_client.php index 2af5c8d0..8fc66b68 100644 --- a/modules/gallery/helpers/l10n_client.php +++ b/modules/gallery/helpers/l10n_client.php 
@@ -55,11 +55,16 @@ class l10n_client_Core { $url = self::_server_url("status"); $signature = self::_sign($version, $api_key); - list ($response_data, $response_status) = remote::post( - $url, array("version" => $version, - "client_token" => l10n_client::client_token(), - "signature" => $signature, - "uid" => l10n_client::server_uid($api_key))); + try { + list ($response_data, $response_status) = remote::post( + $url, array("version" => $version, + "client_token" => l10n_client::client_token(), + "signature" => $signature, + "uid" => l10n_client::server_uid($api_key))); + } catch (ErrorException $e) { + // Log the error, but then return a "can't make connection" error + Kohana_Log::add("error", $e->getMessage() . "\n" . $e->getTraceAsString()); + } if (!isset($response_data) && !isset($response_status)) { return array(false, false); } -- cgit v1.2.3 From 09d34696a12ae15f6c7378a64b2359465b2d7277 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 11 Jan 2011 17:54:33 -0800 Subject: Update comments to annotate what data is where during the process. Follow-on for #1518. --- modules/gallery/controllers/file_proxy.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'modules/gallery') diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index 0400d7c4..98f4e839 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php @@ -29,9 +29,11 @@ class File_Proxy_Controller extends Controller { const ALLOW_PRIVATE_GALLERY = true; public function __call($function, $args) { - // request_uri: gallery3/var/trunk/albums/foo/bar.jpg + // request_uri: gallery3/var/albums/foo/bar.jpg?m=1234 $request_uri = rawurldecode(Input::instance()->server("REQUEST_URI")); + // get rid of query parameters + // request_uri: gallery3/var/albums/foo/bar.jpg $request_uri = preg_replace("/\?.*/", "", $request_uri); // var_uri: gallery3/var/ 
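Review bot: The new `catch` block writes `$e->getTraceAsString()` to the log, and on PHP builds that include call arguments in traces the frame for `validate_api_key($api_key)` will contain the leading characters of the API key. Log files are usually readable by more people than the key should be. Logging only the message and location, `Kohana_Log::add("error", $e->getMessage() . " at " . $e->getFile() . ":" . $e->getLine());`, keeps the diagnostic value without the arguments. Only `ErrorException` is caught, so any other exception type thrown by `remote::post()` would still propagate; whether it can throw one is not visible here.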
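Review bot: In the `file_proxy.php` hunk, the added comment "get rid of query parameters" describes a strip that runs after `rawurldecode()`, so a `%3F` inside a file name is decoded to `?` first and the rest of the path is then cut off by the `preg_replace`. Stripping before decoding avoids this: `$request_uri = rawurldecode(preg_replace("/\?.*/", "", Input::instance()->server("REQUEST_URI")));`. If the current order is intentional, the comment should say that file names containing `?` are not supported. `__call()` continues beyond the hunk.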
@@ -43,8 +45,11 @@ class File_Proxy_Controller extends Controller { throw new Kohana_404_Exception(); } + // file_uri: albums/foo/bar.jpg $file_uri = substr($request_uri, strlen($var_uri)); + // type: albums + // path: foo/bar.jpg list ($type, $path) = explode("/", $file_uri, 2); if ($type != "resizes" && $type != "albums" && $type != "thumbs") { throw new Kohana_404_Exception(); -- cgit v1.2.3 From 376f09c4e171e03a5b3764e51e0d28f1f57a233b Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 15 Jan 2011 12:47:15 -0800 Subject: Reorganize the url() function out from in the middle of the script/css combining functions. --- modules/gallery/libraries/Gallery_View.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/libraries/Gallery_View.php b/modules/gallery/libraries/Gallery_View.php index 8befda95..e27dc41a 100644 --- a/modules/gallery/libraries/Gallery_View.php +++ b/modules/gallery/libraries/Gallery_View.php @@ -21,6 +21,15 @@ class Gallery_View_Core extends View { protected $theme_name = null; protected $combine_queue = array(); + /** + * Provide a url to a resource within the current theme. This allows us to refer to theme + * resources without naming the theme itself which makes themes easier to copy. + */ + public function url($path, $absolute_url=false) { + $arg = "themes/{$this->theme_name}/$path"; + return $absolute_url ? url::abs_file($arg) : url::file($arg); + } + /** * Begin gather up scripts or css files so that they can be combined into a single request. * 
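Review bot: The comments added here trace `$file_uri`, `$type` and `$path`, but none records that `$path` is request-controlled and can still contain `..` segments now that the `/../` check was removed in the earlier commit on this page. The class comment says input is sanitized against the database before any file I/O, and that invariant should be restated where the value is created, e.g. `// path is untrusted and may contain "..": only use it to look up an item row, never to build a filesystem path directly.` A unit test that requests a path with a `..` segment and expects a 404 would keep the guarantee from regressing. The lookup code that enforces it is outside this hunk, so it cannot be confirmed from here.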
@@ -53,15 +62,6 @@ class Gallery_View_Core extends View { } } - /** - * Provide a url to a resource within the current theme. This allows us to refer to theme - * resources without naming the theme itself which makes themes easier to copy. - */ - public function url($path, $absolute_url=false) { - $arg = "themes/{$this->theme_name}/$path"; - return $absolute_url ? url::abs_file($arg) : url::file($arg); - } - /** * If css combining is enabled, add this css to the list of css that will be * combined into a single style element. When combined, the order of style elements -- cgit v1.2.3 From ee13b934f46d67982e5eeea21f81ac58f166741c Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 15 Jan 2011 13:14:43 -0800 Subject: Fix all the head() and admin_head() theme callbacks to return the results of the $theme->css() and $theme->script() calls. This handles the case where combining scripts/css returns HTML instead of putting it in the queue for combination. Fixes #1611. --- modules/comment/helpers/comment_theme.php | 8 +++----- modules/digibug/helpers/digibug_theme.php | 2 +- modules/gallery/helpers/gallery_theme.php | 27 +++++++++++++------------ modules/recaptcha/helpers/recaptcha_theme.php | 4 ++-- modules/server_add/helpers/server_add_theme.php | 18 ++++++++--------- modules/tag/helpers/tag_theme.php | 10 ++++----- modules/user/helpers/user_theme.php | 8 ++++---- 7 files changed, 38 insertions(+), 39 deletions(-) (limited to 'modules/gallery') diff --git a/modules/comment/helpers/comment_theme.php b/modules/comment/helpers/comment_theme.php index b993cdae..9cc93fa1 100644 --- a/modules/comment/helpers/comment_theme.php +++ b/modules/comment/helpers/comment_theme.php 
@@ -19,14 +19,12 @@ */ class comment_theme_Core { static function head($theme) { - $theme->css("comment.css"); - $theme->script("comment.js"); - return ""; + return $theme->css("comment.css") + . $theme->script("comment.js"); } static function admin_head($theme) { - $theme->css("comment.css"); - return ""; + return $theme->css("comment.css"); } static function photo_bottom($theme) { diff --git a/modules/digibug/helpers/digibug_theme.php b/modules/digibug/helpers/digibug_theme.php index d146e17d..1106910e 100644 --- a/modules/digibug/helpers/digibug_theme.php +++ b/modules/digibug/helpers/digibug_theme.php @@ -19,6 +19,6 @@ */ class digibug_theme_Core { static function head($theme) { - $theme->script("digibug.js"); + return $theme->script("digibug.js"); } } diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php index 978c69a6..ebf8f38e 100644 --- a/modules/gallery/helpers/gallery_theme.php +++ b/modules/gallery/helpers/gallery_theme.php @@ -21,9 +21,9 @@ class gallery_theme_Core { static function head($theme) { $session = Session::instance(); $buf = ""; - $theme->css("gallery.css"); + $buf .= $theme->css("gallery.css"); if ($session->get("debug")) { - $theme->css("debug.css"); + $buf .= $theme->css("debug.css"); } if (module::is_active("rss")) { 
@@ -40,32 +40,33 @@ class gallery_theme_Core { if (count(locales::installed())) { // Needed by the languages block - $theme->script("jquery.cookie.js"); + $buf .= $theme->script("jquery.cookie.js"); } if ($session->get("l10n_mode", false)) { - $theme->css("l10n_client.css"); - $theme->script("jquery.cookie.js"); - $theme->script("l10n_client.js"); + $buf .= $theme->css("l10n_client.css") + . $theme->script("jquery.cookie.js") + . $theme->script("l10n_client.js"); } - $theme->css("uploadify/uploadify.css"); + $buf .= $theme->css("uploadify/uploadify.css"); return $buf; } static function admin_head($theme) { - $theme->css("gallery.css"); - $theme->script("gallery.panel.js"); + $buf = $theme->css("gallery.css"); + $buf .= $theme->script("gallery.panel.js"); $session = Session::instance(); if ($session->get("debug")) { - $theme->css("debug.css"); + $buf .= $theme->css("debug.css"); } if ($session->get("l10n_mode", false)) { - $theme->css("l10n_client.css"); - $theme->script("jquery.cookie.js"); - $theme->script("l10n_client.js"); + $buf .= $theme->css("l10n_client.css"); + $buf .= $theme->script("jquery.cookie.js"); + $buf .=$theme->script("l10n_client.js"); } + return $buf; } static function page_bottom($theme) { diff --git a/modules/recaptcha/helpers/recaptcha_theme.php b/modules/recaptcha/helpers/recaptcha_theme.php index ee880986..3677a7c7 100644 --- a/modules/recaptcha/helpers/recaptcha_theme.php +++ b/modules/recaptcha/helpers/recaptcha_theme.php @@ -19,10 +19,10 @@ */ class recaptcha_theme_Core { static function head($theme) { - $theme->css("recaptcha.css"); + return $theme->css("recaptcha.css"); } static function admin_head($theme) { - $theme->css("recaptcha.css"); + return $theme->css("recaptcha.css"); } } \ No newline at end of file diff --git a/modules/server_add/helpers/server_add_theme.php b/modules/server_add/helpers/server_add_theme.php index 53f78772..6395c2f0 100644 --- a/modules/server_add/helpers/server_add_theme.php 
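Review bot: In `head()`, `$theme->script("jquery.cookie.js")` is now appended to `$buf` in both the `locales::installed()` branch and the `l10n_mode` branch. In the case the commit message describes, where `script()` returns HTML instead of queueing, the same script tag is emitted twice when both conditions hold. Tracking whether it was already added, or moving the call above the two conditions, avoids the duplicate. As a style point, `admin_head()` has `$buf .=$theme->script("l10n_client.js");` without the space after `.=`, and it uses three separate `.=` statements where `head()` chains the same three calls with `.`.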
+++ b/modules/server_add/helpers/server_add_theme.php @@ -20,24 +20,24 @@ class server_add_theme_Core { static function head($theme) { if (identity::active_user()->admin) { - $theme->css("server_add.css"); - $theme->script("server_add.js"); + return $theme->css("server_add.css") + . $theme->script("server_add.js"); } } static function admin_head($theme) { - $head = array(); + $buf = ""; if (strpos(Router::$current_uri, "admin/server_add") !== false) { - $theme->css("server_add.css"); - $theme->css("jquery.autocomplete.css"); + $buf .= $theme->css("server_add.css") + . $theme->css("jquery.autocomplete.css"); $base = url::site("__ARGS__"); $csrf = access::csrf_token(); - $head[] = ""; + $buf .= ""; - $theme->script("jquery.autocomplete.js"); - $theme->script("admin.js"); + $buf .= $theme->script("jquery.autocomplete.js") + . $theme->script("admin.js"); } - return implode("\n", $head); + return $buf; } } \ No newline at end of file diff --git a/modules/tag/helpers/tag_theme.php b/modules/tag/helpers/tag_theme.php index f731dbb7..3325a832 100644 --- a/modules/tag/helpers/tag_theme.php +++ b/modules/tag/helpers/tag_theme.php @@ -19,13 +19,13 @@ */ class tag_theme_Core { static function head($theme) { - $theme->css("jquery.autocomplete.css"); - $theme->script("jquery.autocomplete.js"); - $theme->css("tag.css"); + return $theme->css("jquery.autocomplete.css") + . $theme->script("jquery.autocomplete.js") + . $theme->css("tag.css"); } static function admin_head($theme) { - $theme->css("tag.css"); - $theme->script("gallery.in_place_edit.js"); + return $theme->css("tag.css") + . $theme->script("gallery.in_place_edit.js"); } } \ No newline at end of file diff --git a/modules/user/helpers/user_theme.php b/modules/user/helpers/user_theme.php index 5a7161ed..70e96f70 100644 --- a/modules/user/helpers/user_theme.php +++ b/modules/user/helpers/user_theme.php 
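Review bot: `server_add_theme_Core::head()` only returns inside `if (identity::active_user()->admin)`, so for non-admin users it now returns null while every other `head()` callback touched by this commit returns a string. Adding `return "";` after the `if` keeps the return type consistent for whatever concatenates the callback results. That caller is not visible in this diff.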
@@ -19,12 +19,12 @@ */ class user_theme_Core { static function head($theme) { - $theme->css("user.css"); - $theme->script("password_strength.js"); + return $theme->css("user.css") + . $theme->script("password_strength.js"); } static function admin_head($theme) { - $theme->css("user.css"); - $theme->script("password_strength.js"); + return $theme->css("user.css") + . $theme->script("password_strength.js"); } } \ No newline at end of file -- cgit v1.2.3 From f0dd16efc428d372cca6ec90ca31251e3ce24382 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 15 Jan 2011 14:59:25 -0800 Subject: Revive the code from Cache_Driver::exists and put it into a helper function in the test so that we can keep our tests functioning. Follow on to 66fd8c7518ab71466aca72d20fb7bcd5f374af26 for #1559. --- modules/gallery/tests/Cache_Test.php | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/tests/Cache_Test.php b/modules/gallery/tests/Cache_Test.php index b95ef0a2..5e14051a 100644 --- a/modules/gallery/tests/Cache_Test.php +++ b/modules/gallery/tests/Cache_Test.php @@ -24,8 +24,16 @@ class Cache_Test extends Gallery_Unit_Test_Case { $this->_driver = new Cache_Database_Driver(); } - public function cache_exists_test() { - $this->assert_false($this->_driver->exists("test_key"), "test_key should not be defined"); + private function _exists($id) { + return db::build() + ->where("key", "=", $id) + ->where("expiration", ">=", time()) + ->limit("1") + ->count_records("caches") > 0; + } + + public function cache_exists_test_helper_function_test() { + $this->assert_false($this->_exists("test_key"), "test_key should not be defined"); $id = random::hash(); db::build() 
@@ -34,7 +42,7 @@ class Cache_Test extends Gallery_Unit_Test_Case { ->values($id, ", ", 84600 + time(), serialize("some test data")) ->execute(); - $this->assert_true($this->_driver->exists($id), "test_key should be defined"); + $this->assert_true($this->_exists($id), "test_key should be defined"); } public function cache_get_test() { @@ -100,9 +108,9 @@ class Cache_Test extends Gallery_Unit_Test_Case { $this->_driver->delete(array($id1)); - $this->assert_false($this->_driver->exists($id1), "$id1 should have been deleted"); - $this->assert_true($this->_driver->exists($id2), "$id2 should not have been deleted"); - $this->assert_true($this->_driver->exists($id3), "$id3 should not have been deleted"); + $this->assert_false($this->_exists($id1), "$id1 should have been deleted"); + $this->assert_true($this->_exists($id2), "$id2 should not have been deleted"); + $this->assert_true($this->_exists($id3), "$id3 should not have been deleted"); } public function cache_delete_tag_test() { @@ -120,9 +128,9 @@ class Cache_Test extends Gallery_Unit_Test_Case { $data = $this->_driver->delete_tag(array("tag3")); - $this->assert_true($this->_driver->exists($id1), "$id1 should not have been deleted"); - $this->assert_false($this->_driver->exists($id2), "$id2 should have been deleted"); - $this->assert_false($this->_driver->exists($id3), "$id3 should have been deleted"); + $this->assert_true($this->_exists($id1), "$id1 should not have been deleted"); + $this->assert_false($this->_exists($id2), "$id2 should have been deleted"); + $this->assert_false($this->_exists($id3), "$id3 should have been deleted"); } public function cache_delete_all_test() { 
@@ -140,8 +148,8 @@ class Cache_Test extends Gallery_Unit_Test_Case { $data = $this->_driver->delete(true); - $this->assert_false($this->_driver->exists($id1), "$id1 should have been deleted"); - $this->assert_false($this->_driver->exists($id2), "$id2 should have been deleted"); - $this->assert_false($this->_driver->exists($id3), "$id3 should have been deleted"); + $this->assert_false($this->_exists($id1), "$id1 should have been deleted"); + $this->assert_false($this->_exists($id2), "$id2 should have been deleted"); + $this->assert_false($this->_exists($id3), "$id3 should have been deleted"); } } \ No newline at end of file -- cgit v1.2.3 From 44da46abd4aa2e210300d1d54c1d6896988fd71b Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 15 Jan 2011 15:11:37 -0800 Subject: Golden file updates for xss and controller authentication. --- modules/gallery/tests/controller_auth_data.txt | 5 +- modules/gallery/tests/xss_data.txt | 106 ++++++++++++++----------- 2 files changed, 62 insertions(+), 49 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt index 24170092..f1192071 100644 --- a/modules/gallery/tests/controller_auth_data.txt +++ b/modules/gallery/tests/controller_auth_data.txt @@ -22,8 +22,8 @@ modules/gallery/controllers/user_profile.php show modules/gallery/controllers/user_profile.php contact DIRTY_AUTH modules/gallery/controllers/user_profile.php send DIRTY_AUTH modules/gallery/controllers/welcome_message.php index DIRTY_AUTH -modules/organize/controllers/organize.php dialog DIRTY_CSRF -modules/organize/controllers/organize.php add_album_fields DIRTY_AUTH +modules/organize/controllers/organize.php tree DIRTY_CSRF +modules/organize/controllers/organize.php delete DIRTY_AUTH modules/rest/controllers/rest.php index DIRTY_CSRF|DIRTY_AUTH modules/rest/controllers/rest.php reset_api_key_confirm DIRTY_AUTH modules/rest/controllers/rest.php reset_api_key DIRTY_AUTH 
@@ -35,5 +35,6 @@ modules/server_add/controllers/server_add.php children modules/tag/controllers/admin_tags.php index DIRTY_CSRF modules/tag/controllers/tag.php __call DIRTY_CSRF|DIRTY_AUTH modules/tag/controllers/tags.php autocomplete DIRTY_CSRF|DIRTY_AUTH +modules/user/controllers/admin_users.php index DIRTY_CSRF modules/user/controllers/password.php reset DIRTY_AUTH modules/user/controllers/password.php do_reset DIRTY_CSRF|DIRTY_AUTH diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 366391cf..609f786a 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -213,7 +213,7 @@ modules/gallery/views/menu_link.html.php 5 DIRTY_JS $menu- modules/gallery/views/movieplayer.html.php 2 DIRTY html::anchor($item->file_url(true),"",$attrs) modules/gallery/views/movieplayer.html.php 5 DIRTY_JS $attrs["id"] modules/gallery/views/movieplayer.html.php 7 DIRTY_JS url::abs_file("lib/flowplayer.swf") -modules/gallery/views/movieplayer.html.php 14 DIRTY_JS url::abs_file("lib/flowplayer.pseudostreaming.swf") +modules/gallery/views/movieplayer.html.php 17 DIRTY_JS url::abs_file("lib/flowplayer.pseudostreaming.swf") modules/gallery/views/permissions_browse.html.php 3 DIRTY_JS url::site("permissions/form/__ITEM__") modules/gallery/views/permissions_browse.html.php 16 DIRTY_JS url::site("permissions/change/__CMD__/__GROUP__/__PERM__/__ITEM__?csrf=$csrf") modules/gallery/views/permissions_browse.html.php 43 DIRTY_ATTR $parent->id 
@@ -262,8 +262,8 @@ modules/gallery/views/user_profile.html.php 34 DIRTY_ATTR $use modules/gallery/views/user_profile.html.php 43 DIRTY $info->view modules/image_block/views/image_block_block.html.php 4 DIRTY_JS $item->url() modules/image_block/views/image_block_block.html.php 5 DIRTY $item->thumb_img(array("class"=>"g-thumbnail")) -modules/info/views/info_block.html.php 22 DIRTY gallery::date_time($item->captured) -modules/info/views/info_block.html.php 29 DIRTY_JS $item->owner->url +modules/info/views/info_block.html.php 5 DIRTY $info["label"] +modules/info/views/info_block.html.php 5 DIRTY $info["value"] modules/notification/views/comment_published.html.php 28 DIRTY_JS $comment->item()->abs_url() modules/notification/views/comment_published.html.php 29 DIRTY $comment->item()->abs_url() modules/notification/views/item_added.html.php 16 DIRTY_JS $item->abs_url() 
@@ -274,22 +274,29 @@ modules/notification/views/item_updated.html.php 20 DIRTY_JS $item- modules/notification/views/item_updated.html.php 20 DIRTY $item->abs_url() modules/notification/views/user_profile_notification.html.php 5 DIRTY_ATTR $subscription->id modules/notification/views/user_profile_notification.html.php 6 DIRTY_JS $subscription->url -modules/organize/views/organize_dialog.html.php 94 DIRTY_JS $domain -modules/organize/views/organize_dialog.html.php 95 DIRTY_JS $access_key -modules/organize/views/organize_dialog.html.php 96 DIRTY_JS request::protocol() -modules/organize/views/organize_dialog.html.php 97 DIRTY_JS $file_filter -modules/organize/views/organize_dialog.html.php 98 DIRTY_JS $sort_order -modules/organize/views/organize_dialog.html.php 99 DIRTY_JS $sort_fields -modules/organize/views/organize_dialog.html.php 100 DIRTY_JS $album->id -modules/organize/views/organize_dialog.html.php 101 DIRTY_JS $selected_id -modules/organize/views/organize_dialog.html.php 102 DIRTY_JS $rest_uri -modules/organize/views/organize_dialog.html.php 103 DIRTY_JS $controller_uri -modules/organize/views/organize_dialog.html.php 109 DIRTY_JS $flash_minimum_version="10.0.0" -modules/organize/views/organize_dialog.html.php 127 DIRTY_JS $swf_uri -modules/organize/views/organize_dialog.html.php 140 DIRTY_ATTR request::protocol() +modules/organize/views/organize_dialog.html.php 8 DIRTY_JS url::site("items/__ID__") +modules/organize/views/organize_dialog.html.php 14 DIRTY_JS $album->title +modules/organize/views/organize_frame.html.php 12 DIRTY_JS url::file("modules/organize/vendor/ext/images/default/s.gif") +modules/organize/views/organize_frame.html.php 56 DIRTY_JS url::site("organize/album_info/__ID__") +modules/organize/views/organize_frame.html.php 94 DIRTY_JS access::csrf_token() +modules/organize/views/organize_frame.html.php 96 DIRTY_JS url::site("organize/set_sort/__ID__") +modules/organize/views/organize_frame.html.php 116 DIRTY_JS url::site("organize/delete") 
+modules/organize/views/organize_frame.html.php 125 DIRTY_JS access::csrf_token() +modules/organize/views/organize_frame.html.php 226 DIRTY_JS url::site("organize/rearrange") +modules/organize/views/organize_frame.html.php 237 DIRTY_JS access::csrf_token() +modules/organize/views/organize_frame.html.php 275 DIRTY_JS $key +modules/organize/views/organize_frame.html.php 398 DIRTY_JS url::site("organize/tree/{$album->id}") +modules/organize/views/organize_frame.html.php 456 DIRTY_JS url::site("organize/reparent") +modules/organize/views/organize_frame.html.php 479 DIRTY_JS access::csrf_token() +modules/organize/views/organize_frame.html.php 495 DIRTY_JS access::can("edit",item::root()) +modules/organize/views/organize_frame.html.php 497 DIRTY_JS item::root()->title +modules/organize/views/organize_frame.html.php 499 DIRTY_JS item::root()->id +modules/organize/views/organize_frame.html.php 507 DIRTY_JS $album->id +modules/organize/views/organize_frame.html.php 508 DIRTY_JS $album->id modules/recaptcha/views/admin_recaptcha.html.php 11 DIRTY $form modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY_JS $public_key -modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY_JS $public_key +modules/recaptcha/views/form_recaptcha.html.php 3 DIRTY_ATTR request::protocol() +modules/recaptcha/views/form_recaptcha.html.php 8 DIRTY_JS $public_key modules/rest/views/reset_api_key_confirm.html.php 6 DIRTY $form modules/rss/views/feed.mrss.php 10 DIRTY $feed->uri modules/rss/views/feed.mrss.php 13 DIRTY_JS $feed->uri 
@@ -346,28 +353,31 @@ modules/user/views/admin_users.html.php 73 DIRTY_ATTR $use modules/user/views/admin_users.html.php 74 DIRTY_ATTR $user->avatar_url(20,$theme->url(,true)) modules/user/views/admin_users.html.php 88 DIRTY ($user->last_login==0)?"":gallery::date($user->last_login) modules/user/views/admin_users.html.php 91 DIRTY db::build()->from("items")->where("owner_id","=",$user->id)->count_records() -modules/user/views/admin_users.html.php 127 DIRTY_ATTR $group->id -modules/user/views/admin_users.html.php 127 DIRTY_ATTR ($group->special?"g-default-group":"") -modules/user/views/admin_users.html.php 129 DIRTY $v +modules/user/views/admin_users.html.php 113 DIRTY $pager +modules/user/views/admin_users.html.php 132 DIRTY_ATTR $group->id +modules/user/views/admin_users.html.php 132 DIRTY_ATTR ($group->special?"g-default-group":"") +modules/user/views/admin_users.html.php 134 DIRTY $v modules/user/views/admin_users_delete_user.html.php 6 DIRTY $form modules/user/views/admin_users_group.html.php 24 DIRTY_JS $user->id modules/user/views/admin_users_group.html.php 24 DIRTY_JS $group->id modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $width modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $height modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $url -themes/admin_wind/views/admin.html.php 21 DIRTY_JS $theme->url() -themes/admin_wind/views/admin.html.php 38 DIRTY $theme->admin_head() -themes/admin_wind/views/admin.html.php 42 DIRTY $theme->admin_page_top() -themes/admin_wind/views/admin.html.php 50 DIRTY $theme->admin_header_top() -themes/admin_wind/views/admin.html.php 51 DIRTY_JS item::root()->url() -themes/admin_wind/views/admin.html.php 54 DIRTY $theme->user_menu() -themes/admin_wind/views/admin.html.php 57 DIRTY $theme->admin_menu() -themes/admin_wind/views/admin.html.php 60 DIRTY $theme->admin_header_bottom() -themes/admin_wind/views/admin.html.php 67 DIRTY $content -themes/admin_wind/views/admin.html.php 73 DIRTY 
$sidebar -themes/admin_wind/views/admin.html.php 78 DIRTY $theme->admin_footer() -themes/admin_wind/views/admin.html.php 81 DIRTY $theme->admin_credits() -themes/admin_wind/views/admin.html.php 86 DIRTY $theme->admin_page_bottom() +themes/admin_wind/views/admin.html.php 31 DIRTY $theme->admin_head() +themes/admin_wind/views/admin.html.php 40 DIRTY_JS $theme->url() +themes/admin_wind/views/admin.html.php 45 DIRTY $theme->get_combined("script") +themes/admin_wind/views/admin.html.php 48 DIRTY $theme->get_combined("css") +themes/admin_wind/views/admin.html.php 52 DIRTY $theme->admin_page_top() +themes/admin_wind/views/admin.html.php 60 DIRTY $theme->admin_header_top() +themes/admin_wind/views/admin.html.php 61 DIRTY_JS item::root()->url() +themes/admin_wind/views/admin.html.php 64 DIRTY $theme->user_menu() +themes/admin_wind/views/admin.html.php 67 DIRTY $theme->admin_menu() +themes/admin_wind/views/admin.html.php 70 DIRTY $theme->admin_header_bottom() +themes/admin_wind/views/admin.html.php 77 DIRTY $content +themes/admin_wind/views/admin.html.php 83 DIRTY $sidebar +themes/admin_wind/views/admin.html.php 88 DIRTY $theme->admin_footer() +themes/admin_wind/views/admin.html.php 91 DIRTY $theme->admin_credits() +themes/admin_wind/views/admin.html.php 96 DIRTY $theme->admin_page_bottom() themes/admin_wind/views/block.html.php 3 DIRTY_ATTR $anchor themes/admin_wind/views/block.html.php 5 DIRTY $id themes/admin_wind/views/block.html.php 5 DIRTY_ATTR $css_id 
@@ -398,20 +408,22 @@ themes/wind/views/dynamic.html.php 17 DIRTY_ATTR $chi themes/wind/views/dynamic.html.php 29 DIRTY $theme->paginator() themes/wind/views/movie.html.php 5 DIRTY $theme->paginator() themes/wind/views/movie.html.php 9 DIRTY $item->movie_img(array("class"=>"g-movie","id"=>"g-item-id-{$item->id}")) -themes/wind/views/page.html.php 9 DIRTY $page_title -themes/wind/views/page.html.php 12 DIRTY $theme->item()->title -themes/wind/views/page.html.php 16 DIRTY item::root()->title -themes/wind/views/page.html.php 26 DIRTY_JS $theme->url() -themes/wind/views/page.html.php 35 DIRTY $new_width -themes/wind/views/page.html.php 36 DIRTY $new_height -themes/wind/views/page.html.php 37 DIRTY $thumb_proportion -themes/wind/views/page.html.php 74 DIRTY $header_text -themes/wind/views/page.html.php 76 DIRTY_JS item::root()->url() -themes/wind/views/page.html.php 80 DIRTY $theme->user_menu() -themes/wind/views/page.html.php 101 DIRTY_JS $parent->url($parent->id==$theme->item()->parent_id?"show={$theme->item()->id}":null) -themes/wind/views/page.html.php 122 DIRTY $content -themes/wind/views/page.html.php 128 DIRTY newView("sidebar.html") -themes/wind/views/page.html.php 135 DIRTY $footer_text +themes/wind/views/page.html.php 10 DIRTY $page_title +themes/wind/views/page.html.php 13 DIRTY $theme->item()->title +themes/wind/views/page.html.php 17 DIRTY item::root()->title +themes/wind/views/page.html.php 31 DIRTY $new_width +themes/wind/views/page.html.php 32 DIRTY $new_height +themes/wind/views/page.html.php 33 DIRTY $thumb_proportion +themes/wind/views/page.html.php 70 DIRTY_JS $theme->url() +themes/wind/views/page.html.php 75 DIRTY $theme->get_combined("script") +themes/wind/views/page.html.php 78 DIRTY $theme->get_combined("css") +themes/wind/views/page.html.php 88 DIRTY $header_text +themes/wind/views/page.html.php 90 DIRTY_JS item::root()->url() +themes/wind/views/page.html.php 94 DIRTY $theme->user_menu() +themes/wind/views/page.html.php 115 DIRTY_JS 
$parent->url($parent->id==$theme->item()->parent_id?"show={$theme->item()->id}":null) +themes/wind/views/page.html.php 136 DIRTY $content +themes/wind/views/page.html.php 142 DIRTY newView("sidebar.html") +themes/wind/views/page.html.php 149 DIRTY $footer_text themes/wind/views/paginator.html.php 33 DIRTY_JS $first_page_url themes/wind/views/paginator.html.php 42 DIRTY_JS $previous_page_url themes/wind/views/paginator.html.php 70 DIRTY_JS $next_page_url -- cgit v1.2.3 From 0020f87d6a23ce00200074b678a9293d055e27a3 Mon Sep 17 00:00:00 2001 From: Joe7 Date: Sat, 15 Jan 2011 21:49:22 +0100 Subject: Fixed paging for albums ordered by random. MySql has problems when comparing float values against -seemingly same- float input, see http://dev.mysql.com/doc/refman/5.0/en/problems-with-float.html for details. Fixes #1610 --- installer/install.sql | 4 ++-- modules/gallery/helpers/gallery_installer.php | 9 +++++++-- modules/gallery/module.info | 2 +- 3 files changed, 10 insertions(+), 5 deletions(-) (limited to 'modules/gallery') diff --git a/installer/install.sql b/installer/install.sql index 0ed7f2f3..07aae36d 100644 --- a/installer/install.sql +++ b/installer/install.sql @@ -160,7 +160,7 @@ CREATE TABLE {items} ( `name` varchar(255) DEFAULT NULL, `owner_id` int(9) DEFAULT NULL, `parent_id` int(9) NOT NULL, - `rand_key` float DEFAULT NULL, + `rand_key` decimal(11,10) DEFAULT NULL, `relative_path_cache` varchar(255) DEFAULT NULL, `relative_url_cache` varchar(255) DEFAULT NULL, `resize_dirty` tinyint(1) DEFAULT '1', @@ -244,7 +244,7 @@ CREATE TABLE {modules} ( KEY `weight` (`weight`) ) AUTO_INCREMENT=10 DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; -INSERT INTO {modules} VALUES (1,1,'gallery',43,1); +INSERT INTO {modules} VALUES (1,1,'gallery',44,1); INSERT INTO {modules} VALUES (2,1,'user',3,2); INSERT INTO {modules} VALUES (3,1,'comment',3,3); INSERT INTO {modules} VALUES (4,1,'organize',3,4); 
diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index f7b8da5f..3c7b1c84 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -92,7 +92,7 @@ class gallery_installer { `name` varchar(255) default NULL, `owner_id` int(9) default NULL, `parent_id` int(9) NOT NULL, - `rand_key` float default NULL, + `rand_key` decimal(11,10) default NULL, `relative_path_cache` varchar(255) default NULL, `relative_url_cache` varchar(255) default NULL, `resize_dirty` boolean default 1, @@ -309,7 +309,7 @@ class gallery_installer { module::set_var("gallery", "show_user_profiles_to", "registered_users"); module::set_var("gallery", "extra_binary_paths", "/usr/local/bin:/opt/local/bin:/opt/bin"); - module::set_version("gallery", 43); + module::set_version("gallery", 44); } static function upgrade($version) { @@ -653,6 +653,11 @@ class gallery_installer { $db->query("ALTER TABLE {items} CHANGE `description` `description` text DEFAULT NULL"); module::set_version("gallery", $version = 43); } + + if ($version == 43) { + $db->query("ALTER TABLE {items} CHANGE `rand_key` `rand_key` DECIMAL(11, 10)"); + module::set_version("gallery", $version = 44); + } } static function uninstall() { diff --git a/modules/gallery/module.info b/modules/gallery/module.info index eb579ab6..4c4e63a1 100644 --- a/modules/gallery/module.info +++ b/modules/gallery/module.info @@ -1,3 +1,3 @@ name = "Gallery 3" description = "Gallery core application" -version = 43 +version = 44 -- cgit v1.2.3 From ac44e9c930ec83545b37e1e31381919fbd849d26 Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Sun, 16 Jan 2011 15:49:34 -0800 Subject: First step in setting up version checking. We now have two types of packages (release, git). Instead of using constants, we now have gallery::version_string() which returns the current version string. If you're on a release package, then the version string looks like: 3.0 (Santa Fe) If you're on a git package, then the version string looks like this: 3.0.1 (branch 3.0.x build 3) We track the build number in a new file in the gallery3 root called BUILD_NUMBER which we will update periodically with the latest build number for each branch. --- BUILD_NUMBER | 1 + modules/gallery/helpers/gallery.php | 25 +++++++++++++++++++++++- modules/gallery/helpers/gallery_theme.php | 2 +- modules/gallery/views/admin_block_stats.html.php | 2 +- 4 files changed, 27 insertions(+), 3 deletions(-) create mode 100644 BUILD_NUMBER (limited to 'modules/gallery') diff --git a/BUILD_NUMBER b/BUILD_NUMBER new file mode 100644 index 00000000..d00491fd --- /dev/null +++ b/BUILD_NUMBER @@ -0,0 +1 @@ +1 diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php index 282289b5..c4a6286c 100644 --- a/modules/gallery/helpers/gallery.php +++ b/modules/gallery/helpers/gallery.php @@ -18,7 +18,10 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class gallery_Core { - const VERSION = "3.0+ (git)"; + const VERSION = "3.0+"; + const CODE_NAME = ""; + const RELEASE_CHANNEL = "git"; + const RELEASE_BRANCH = "master"; /** * If Gallery is in maintenance mode, then force all non-admins to get routed to a "This site is 
@@ -184,4 +187,24 @@ class gallery_Core { } putenv("PATH=" . implode(":", $path_env)); } + + /** + * Return a string describing this version of Gallery and the type of release. + */ + static function version_string() { + if (gallery::RELEASE_CHANNEL == "git") { + return sprintf( + "%s (branch %s build %s)", gallery::VERSION, gallery::RELEASE_BRANCH, gallery::build_number()); + } else { + return sprintf("%s (%s)", gallery::VERSION, gallery::CODE_NAME); + } + } + + /** + * Return the contents of the BUILD_NUMBER file, which should be a single integer. + */ + static function build_number() { + $lines = file(DOCROOT . "BUILD_NUMBER", FILE_IGNORE_NEW_LINES); + return $lines[0]; + } } \ No newline at end of file diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php index ebf8f38e..d75c6fc6 100644 --- a/modules/gallery/helpers/gallery_theme.php +++ b/modules/gallery/helpers/gallery_theme.php @@ -115,7 +115,7 @@ class gallery_theme_Core { static function credits() { $version_string = SafeString::of_safe_html( - 'Gallery ' . gallery::VERSION . ''); + 'Gallery ' . gallery::version_string() . ''); return "
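Review bot: `build_number()` returns `$lines[0]` without checking that `file()` succeeded or that the first line is numeric. The value is interpolated into `version_string()`, which the `gallery_theme::credits()` hunk of this commit passes to `SafeString::of_safe_html()`. A missing or empty BUILD_NUMBER therefore raises a warning and yields an empty build, and any markup in the file would be emitted unescaped. Casting keeps the "single integer" contract stated in the docblock: `return $lines ? (int)$lines[0] : 0;`.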
  • " . t(module::get_var("gallery", "credits"), array("url" => "http://gallery.menalto.com", diff --git a/modules/gallery/views/admin_block_stats.html.php b/modules/gallery/views/admin_block_stats.html.php index 1dec8ccd..c8c54765 100644 --- a/modules/gallery/views/admin_block_stats.html.php +++ b/modules/gallery/views/admin_block_stats.html.php @@ -1,7 +1,7 @@
    • - gallery::VERSION)) ?> + gallery::version_string())) ?>
    • $album_count)) ?> -- cgit v1.2.3 From b78b1090184dd863c984e54652935963cc502eb8 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 16 Jan 2011 17:10:30 -0800 Subject: Fix indentation. --- modules/gallery/helpers/gallery.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php index c4a6286c..31b342db 100644 --- a/modules/gallery/helpers/gallery.php +++ b/modules/gallery/helpers/gallery.php @@ -194,7 +194,8 @@ class gallery_Core { static function version_string() { if (gallery::RELEASE_CHANNEL == "git") { return sprintf( - "%s (branch %s build %s)", gallery::VERSION, gallery::RELEASE_BRANCH, gallery::build_number()); + "%s (branch %s build %s)", gallery::VERSION, gallery::RELEASE_BRANCH, + gallery::build_number()); } else { return sprintf("%s (%s)", gallery::VERSION, gallery::CODE_NAME); } -- cgit v1.2.3 From 84d576606d709dcccef2549fdb926d47494a876c Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 16 Jan 2011 21:46:03 -0800 Subject: Change the value column of the messages table from a varchar(255) to a text. Fixes #1612. --- modules/gallery/helpers/gallery_installer.php | 9 +++++++-- modules/gallery/module.info | 2 +- 2 files changed, 8 insertions(+), 3 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index 3c7b1c84..92e5b7b8 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -136,7 +136,7 @@ class gallery_installer { `id` int(9) NOT NULL auto_increment, `key` varchar(255) default NULL, `severity` varchar(32) default NULL, - `value` varchar(255) default NULL, + `value` text default NULL, PRIMARY KEY (`id`), UNIQUE KEY(`key`)) DEFAULT CHARSET=utf8;"); 
@@ -309,7 +309,7 @@ class gallery_installer { module::set_var("gallery", "show_user_profiles_to", "registered_users"); module::set_var("gallery", "extra_binary_paths", "/usr/local/bin:/opt/local/bin:/opt/bin"); - module::set_version("gallery", 44); + module::set_version("gallery", 45); } static function upgrade($version) { @@ -658,6 +658,11 @@ class gallery_installer { $db->query("ALTER TABLE {items} CHANGE `rand_key` `rand_key` DECIMAL(11, 10)"); module::set_version("gallery", $version = 44); } + + if ($version == 44) { + $db->query("ALTER TABLE {messages} CHANGE `value` `value` text default NULL"); + module::set_version("gallery", $version = 45); + } } static function uninstall() { diff --git a/modules/gallery/module.info b/modules/gallery/module.info index 4c4e63a1..b79df7be 100644 --- a/modules/gallery/module.info +++ b/modules/gallery/module.info @@ -1,3 +1,3 @@ name = "Gallery 3" description = "Gallery core application" -version = 44 +version = 45 -- cgit v1.2.3 From 70abfb2a20734802c922c0e9917d2a1778aef3f2 Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Sun, 16 Jan 2011 22:16:09 -0800 Subject: Upgrade checking code is now here, along with a bump of the Gallery module to v46. There's a new block in the admin dashboard which controls whether automatic checking happens, and lets you check immediately. If a newer version is detected, a site status message appears for admins providing upgrade instructions. Automatic checking is not yet implemented (even though the UI claims that it exists). This is all for #1605. --- .../gallery/controllers/admin_upgrade_checker.php | 49 ++++++++++++ modules/gallery/helpers/gallery_block.php | 12 ++- modules/gallery/helpers/gallery_installer.php | 16 +++- modules/gallery/helpers/upgrade_checker.php | 91 ++++++++++++++++++++++ modules/gallery/module.info | 2 +- .../gallery/views/upgrade_checker_block.html.php | 45 +++++++++++ 6 files changed, 212 insertions(+), 3 deletions(-) create mode 100644 modules/gallery/controllers/admin_upgrade_checker.php create mode 100644 modules/gallery/helpers/upgrade_checker.php create mode 100644 modules/gallery/views/upgrade_checker_block.html.php (limited to 'modules/gallery') diff --git a/modules/gallery/controllers/admin_upgrade_checker.php b/modules/gallery/controllers/admin_upgrade_checker.php new file mode 100644 index 00000000..4b1467cd --- /dev/null +++ b/modules/gallery/controllers/admin_upgrade_checker.php @@ -0,0 +1,49 @@ +server("HTTP_REFERER")) { + url::redirect($referer); + } else { + url::redirect(item::root()->abs_url()); + } + } + + function set_auto($val) { + access::verify_csrf(); + module::set_var("gallery", "upgrade_checker_auto_enabled", (bool)$val); + + if ((bool)$val) { + message::success(t("Automatic upgrade checking is enabled.")); + } else { + message::success(t("Automatic upgrade checking is disabled.")); + } + url::redirect("admin/dashboard"); + } +} diff --git a/modules/gallery/helpers/gallery_block.php b/modules/gallery/helpers/gallery_block.php index 1d92d66d..2189a710 100644 
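Review bot: `url::redirect($referer)` in the first action of this controller sends the admin to whatever the `HTTP_REFERER` request header contains, with no check that the target is on this site. The header is client-supplied, so the redirect should be limited to local URLs and fall back to `item::root()->abs_url()` (already the no-referer branch) for anything else. The start of that method was lost when this page was rendered, so whether `access::verify_csrf()` runs before the redirect, as it does in set_auto(), cannot be confirmed from here and is worth checking.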
--- a/modules/gallery/helpers/gallery_block.php +++ b/modules/gallery/helpers/gallery_block.php @@ -25,7 +25,9 @@ class gallery_block_Core { "log_entries" => t("Log entries"), "stats" => t("Gallery stats"), "platform_info" => t("Platform information"), - "project_news" => t("Gallery project news")); + "project_news" => t("Gallery project news"), + "upgrade_checker" => t("Check for Gallery upgrades") + ); } static function get_site_list() { @@ -101,6 +103,14 @@ class gallery_block_Core { $block = ""; } break; + + case "upgrade_checker": + $block = new Block(); + $block->css_id = "g-upgrade-available-block"; + $block->title = t("Check for Gallery upgrades"); + $block->content = new View("upgrade_checker_block.html"); + $block->content->version_info = upgrade_checker::version_info(); + $block->content->auto_check_enabled = upgrade_checker::auto_check_enabled(); } return $block; } diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index 92e5b7b8..1ffe9bae 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -259,6 +259,7 @@ class gallery_installer { module::set_var("gallery", "default_locale", "en_US"); module::set_var("gallery", "image_quality", 75); module::set_var("gallery", "image_sharpen", 15); + module::set_var("gallery", "upgrade_checker_auto_enabled", true); // Add rules for generating our thumbnails and resizes graphics::add_rule( @@ -285,6 +286,7 @@ class gallery_installer { block_manager::add("dashboard_sidebar", "gallery", "platform_info"); block_manager::add("dashboard_sidebar", "gallery", "project_news"); block_manager::add("dashboard_center", "gallery", "welcome"); + block_manager::add("dashboard_center", "gallery", "upgrade_checker"); block_manager::add("dashboard_center", "gallery", "photo_stream"); block_manager::add("dashboard_center", "gallery", "log_entries"); 
@@ -309,7 +311,7 @@ class gallery_installer { module::set_var("gallery", "show_user_profiles_to", "registered_users"); module::set_var("gallery", "extra_binary_paths", "/usr/local/bin:/opt/local/bin:/opt/bin"); - module::set_version("gallery", 45); + module::set_version("gallery", 46); } static function upgrade($version) { @@ -663,6 +665,18 @@ class gallery_installer { $db->query("ALTER TABLE {messages} CHANGE `value` `value` text default NULL"); module::set_version("gallery", $version = 45); } + + if ($version == 45) { + // Splice the upgrade_checker block into the admin dashboard at the top + // of the page, but under the welcome block if it's in the first position. + $blocks = block_manager::get_active("dashboard_center"); + $index = count($blocks) && current($blocks) == array("gallery", "welcome") ? 1 : 0; + array_splice($blocks, $index, 0, array(random::int() => array("gallery", "upgrade_checker"))); + block_manager::set_active("dashboard_center", $blocks); + + module::set_var("gallery", "upgrade_checker_auto_enabled", true); + module::set_version("gallery", $version = 46); + } } static function uninstall() { diff --git a/modules/gallery/helpers/upgrade_checker.php b/modules/gallery/helpers/upgrade_checker.php new file mode 100644 index 00000000..9311cf4a --- /dev/null +++ b/modules/gallery/helpers/upgrade_checker.php 
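Review bot: In the `$version == 45` step, `array_splice()` does not preserve the keys of the replacement array and renumbers the integer keys of `$blocks`, so the `random::int()` id given to the new block is discarded and the existing entries are re-keyed from 0. If block_manager relies on those ids (the random key suggests it does, but that code is not visible here), build the list from key-preserving slices instead: `$blocks = array_slice($blocks, 0, $index, true) + array(random::int() => array("gallery", "upgrade_checker")) + array_slice($blocks, $index, null, true);`. The enclosing upgrade() function starts outside this hunk.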
@@ -0,0 +1,91 @@ +get("upgrade_checker_version_info")); + } + + static function auto_check_enabled() { + return (bool)module::get_var("gallery", "upgrade_checker_auto_enabled"); + } + + static function fetch_version_info() { + $result = new stdClass(); + try { + list ($status, $headers, $body) = remote::do_request(upgrade_checker::CHECK_URL); + if ($status == "HTTP/1.1 200 OK") { + $result->status = "success"; + foreach (explode("\n", $body) as $line) { + if ($line) { + list($key, $val) = explode("=", $line, 2); + $result->data[$key] = $val; + } + } + } else { + $result->status = "error"; + } + } catch (Exception $e) { + Kohana_Log::add("error", + sprintf("%s in %s at line %s:\n%s", $e->getMessage(), $e->getFile(), + $e->getLine(), $e->getTraceAsString())); + } + $result->timestamp = time(); + Cache::instance()->set("upgrade_checker_version_info", serialize($result), null, 86400 * 365); + } + + static function check_for_upgrade() { + $version_info = upgrade_checker::version_info(); + $upgrade_available = false; + if ($version_info) { + if (gallery::RELEASE_CHANNEL == "release") { + if (version_compare($version_info->data["release_version"], gallery::VERSION, ">")) { + site_status::warning( + t("A newer version of Gallery is available! Upgrade now to version %version or wait until later.", + array("version" => $version_info->data["release_version"], + "upgrade-url" => $version_info->data["release_upgrade_url"], + "hide-url" => url::site("admin/upgrade_checker/remind_me_later?csrf=__CSRF__"))), + "upgrade_checker"); + $upgrade_available = true; + } + } else { + $branch = gallery::RELEASE_BRANCH; + if (isset($version_info->data["{$branch}_build_number"]) && + version_compare($version_info->data["{$branch}_build_number"], + gallery::build_number(), ">")) { + site_status::warning( + t("A newer version of Gallery is available! 
Upgrade now to version %version (build %build on branch %branch) or wait until later.", + array("version" => $version_info->data["{$branch}_version"], + "upgrade-url" => $version_info->data["{$branch}_upgrade_url"], + "build" => $version_info->data["{$branch}_build_number"], + "branch" => $branch, + "hide-url" => url::site("admin/upgrade_checker/remind_me_later?csrf=__CSRF__"))), + "upgrade_checker"); + $upgrade_available = true; + } + } + } + + if (!$upgrade_available) { + site_status::clear("upgrade_checker"); + } + } +} diff --git a/modules/gallery/module.info b/modules/gallery/module.info index b79df7be..4c0c8866 100644 --- a/modules/gallery/module.info +++ b/modules/gallery/module.info @@ -1,3 +1,3 @@ name = "Gallery 3" description = "Gallery core application" -version = 45 +version = 46 diff --git a/modules/gallery/views/upgrade_checker_block.html.php b/modules/gallery/views/upgrade_checker_block.html.php new file mode 100644 index 00000000..30e18305 --- /dev/null +++ b/modules/gallery/views/upgrade_checker_block.html.php @@ -0,0 +1,45 @@ + +
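Review bot: fetch_version_info() treats the response body as trusted: every `key=value` line is stored, and check_for_upgrade() passes `release_upgrade_url` / `{$branch}_upgrade_url` from it into a site status message shown to admins. CHECK_URL is a plain `http://` URL (visible in the context lines of the later upgrade_checker.php hunk on this page), so the content is not authenticated in transit; the upgrade URL should be accepted only when it matches an expected scheme and host, and the check fetched over HTTPS if the endpoint offers it. A line without `=` makes `list($key, $val) = explode("=", $line, 2)` read a missing element, so skip such lines with `if (strpos($line, "=") === false) continue;`. On the exception path `$result->status` and `$result->data` are never set but the result is still cached, so `$version_info->data["release_version"]` here and in the later get_upgrade_message() hunk needs the same `isset` guard the branch path already has.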

      + +

      + +

      + + %code_name.", array("version" => gallery::VERSION, "code_name" => gallery::CODE_NAME)) ?> + + gallery::VERSION, "branch" => gallery::RELEASE_BRANCH, "build_number" => gallery::build_number())) ?> + +

      + +

      + "> + + + + "> + + + + "> + + + +

      + +

      + + + + + + + + + gallery::date_time($version_info->timestamp))) ?> + +

      + -- cgit v1.2.3 From 167f635a6ce5a71b35450844f9b5c647aa14bcc1 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 16 Jan 2011 23:06:19 -0800 Subject: Add arguments to random::int() to match mt_rand(). Follow on to cd48b89f3166e7fa732b5cb06d33fba018af9127 for #1527. --- modules/gallery/helpers/random.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/random.php b/modules/gallery/helpers/random.php index a26762bd..dfc7558c 100644 --- a/modules/gallery/helpers/random.php +++ b/modules/gallery/helpers/random.php @@ -42,9 +42,13 @@ class random_Core { } /** - * Return a random number between 0 and mt_getrandmax() + * Return a random number between $min and $max. If $min and $max are not specified, + * return a random number between 0 and mt_getrandmax() */ - static function int() { + static function int($min=null, $max=null) { + if ($min || $max) { + return mt_rand($min, $max); + } return mt_rand(); } } \ No newline at end of file -- cgit v1.2.3 From 66bb496b6c2ad9c5341644b2e303e694078374d1 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 16 Jan 2011 23:14:57 -0800 Subject: If the logged in user is an admin and it's been more than 7 days since the last check and auto upgrade checking is enabled, fire off an XHR to check for a possible upgrade. Finishes off #1605. --- modules/gallery/helpers/gallery_installer.php | 3 +++ modules/gallery/helpers/gallery_theme.php | 20 ++++++++++++++++++-- modules/gallery/helpers/upgrade_checker.php | 25 +++++++++++++++++++++++++ 3 files changed, 46 insertions(+), 2 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index 1ffe9bae..41ed1c6e 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php 
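Review bot: The new guard `if ($min || $max)` tests truthiness, so `random::int(0, 0)` falls through to the unbounded `mt_rand()` and a call with only one bound passes `null` to `mt_rand()`. Comparing against null matches the docblock: `if ($min !== null && $max !== null) { return mt_rand($min, $max); }`. Since the helper wraps `mt_rand()`, the docblock should also say that the result is not suitable for tokens, keys or other secrets.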
@@ -677,6 +677,9 @@ class gallery_installer { module::set_var("gallery", "upgrade_checker_auto_enabled", true); module::set_version("gallery", $version = 46); } + + // Clear any upgrade check strings, we are probably up to date. + site_status::clear("upgrade_check"); } static function uninstall() { diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php index d75c6fc6..a6ca5eb7 100644 --- a/modules/gallery/helpers/gallery_theme.php +++ b/modules/gallery/helpers/gallery_theme.php @@ -76,13 +76,22 @@ class gallery_theme_Core { $profiler = new Profiler(); $profiler->render(); } + $content = ""; if ($session->get("l10n_mode", false)) { - return L10n_Client_Controller::l10n_form(); + $content .= L10n_Client_Controller::l10n_form(); } if ($session->get_once("after_install")) { - return new View("welcome_message_loader.html"); + $content .= new View("welcome_message_loader.html"); } + + if (identity::active_user()->admin && upgrade_checker::should_auto_check()) { + $content .= ''; + } + return $content; } static function admin_page_bottom($theme) { @@ -107,6 +116,13 @@ class gallery_theme_Core { setInterval("adminReauthCheck();", 60 * 1000); '; + if (upgrade_checker::should_auto_check()) { + $content .= ''; + } + if ($session->get("l10n_mode", false)) { $content .= "\n" . L10n_Client_Controller::l10n_form(); } diff --git a/modules/gallery/helpers/upgrade_checker.php b/modules/gallery/helpers/upgrade_checker.php index 9311cf4a..ef1308d7 100644 --- a/modules/gallery/helpers/upgrade_checker.php +++ b/modules/gallery/helpers/upgrade_checker.php 
@@ -19,15 +19,37 @@ */ class upgrade_checker_Core { const CHECK_URL = "http://gallery.menalto.com/versioncheck/gallery3"; + const AUTO_CHECK_INTERVAL = 604800; // 7 days in seconds + /** + * Return the last version info blob retrieved from the Gallery website or + * null if no checks have been performed. + */ static function version_info() { return unserialize(Cache::instance()->get("upgrade_checker_version_info")); } + /** + * Return true if auto checking is enabled. + */ static function auto_check_enabled() { return (bool)module::get_var("gallery", "upgrade_checker_auto_enabled"); } + /** + * Return true if it's time to auto check. + */ + static function should_auto_check() { + if (upgrade_checker::auto_check_enabled() && random::int(1, 100) == 1) { + $version_info = upgrade_checker::version_info(); + return (!$version_info || (time() - $version_info->timestamp) > AUTO_CHECK_INTERVAL); + } + return false; + } + + /** + * Fech version info from the Gallery website. + */ static function fetch_version_info() { $result = new stdClass(); try { @@ -52,6 +74,9 @@ class upgrade_checker_Core { Cache::instance()->set("upgrade_checker_version_info", serialize($result), null, 86400 * 365); } + /** + * Check the latest version info blob to see if it's time for an upgrade. + */ static function check_for_upgrade() { $version_info = upgrade_checker::version_info(); $upgrade_available = false; -- cgit v1.2.3 From 14ae5d854400d632b63a331f541f180b8d1f3ea1 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 17 Jan 2011 17:07:32 -0800 Subject: Update version checking code to expect "branch_" as the prefix for all branch related lines. For #1605. --- modules/gallery/helpers/upgrade_checker.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/upgrade_checker.php b/modules/gallery/helpers/upgrade_checker.php index ef1308d7..0e72bb94 100644 --- a/modules/gallery/helpers/upgrade_checker.php 
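Review bot: In should_auto_check() the interval is written as the bare name `AUTO_CHECK_INTERVAL`, which PHP resolves as a global constant rather than the class constant declared just above. Depending on the PHP version that is either a notice with the name used as a string, which makes the comparison true for almost any timestamp, or a fatal error; it should read `(time() - $version_info->timestamp) > upgrade_checker::AUTO_CHECK_INTERVAL`. Separately, the new docblock on version_info() promises null when no check has run, but `unserialize()` of a missing cache entry returns false, and unserializing cache content is only safe as long as nothing else can write that cache key.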
+++ b/modules/gallery/helpers/upgrade_checker.php @@ -93,14 +93,14 @@ class upgrade_checker_Core { } } else { $branch = gallery::RELEASE_BRANCH; - if (isset($version_info->data["{$branch}_build_number"]) && - version_compare($version_info->data["{$branch}_build_number"], + if (isset($version_info->data["branch_{$branch}_build_number"]) && + version_compare($version_info->data["branch_{$branch}_build_number"], gallery::build_number(), ">")) { site_status::warning( t("A newer version of Gallery is available! Upgrade now to version %version (build %build on branch %branch) or wait until later.", - array("version" => $version_info->data["{$branch}_version"], - "upgrade-url" => $version_info->data["{$branch}_upgrade_url"], - "build" => $version_info->data["{$branch}_build_number"], + array("version" => $version_info->data["branch_{$branch}_version"], + "upgrade-url" => $version_info->data["branch_{$branch}_upgrade_url"], + "build" => $version_info->data["branch_{$branch}_build_number"], "branch" => $branch, "hide-url" => url::site("admin/upgrade_checker/remind_me_later?csrf=__CSRF__"))), "upgrade_checker"); -- cgit v1.2.3 From 29be21bb0deaf70558b1aa02a115e67daefea0bd Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 17 Jan 2011 17:27:16 -0800 Subject: Add BUILD_NUMBER to the security check in .htaccess Change BUILD_NUMBER to be .ini format and add a big "do not edit" comment. --- .htaccess | 2 +- BUILD_NUMBER | 7 ++++++- modules/gallery/helpers/gallery.php | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) (limited to 'modules/gallery') diff --git a/.htaccess b/.htaccess index 5a329520..771a8df0 100644 --- a/.htaccess +++ b/.htaccess @@ -29,7 +29,7 @@ # in your Apache2 config file before you uncomment this block or # you'll get an "Internal Server Error". # -# +# # Order deny,allow # Deny from all # diff --git a/BUILD_NUMBER b/BUILD_NUMBER index 0691f67b..d32d51e9 100644 --- a/BUILD_NUMBER +++ b/BUILD_NUMBER 
@@ -1 +1,6 @@ -52 +; This file keeps track of the build number for the "master" +; branch of gallery3. It's kept up to date by an automated +; process. You don't need to edit it. In fact.. +; +; DO NOT EDIT THIS FILE BY HAND! +build_number=52 diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php index 31b342db..7a60f56a 100644 --- a/modules/gallery/helpers/gallery.php +++ b/modules/gallery/helpers/gallery.php @@ -205,7 +205,7 @@ class gallery_Core { * Return the contents of the BUILD_NUMBER file, which should be a single integer. */ static function build_number() { - $lines = file(DOCROOT . "BUILD_NUMBER", FILE_IGNORE_NEW_LINES); - return $lines[0]; + $result = parse_ini_file(DOCROOT . "BUILD_NUMBER"); + return $result["build_number"]; } } \ No newline at end of file -- cgit v1.2.3 From 76411d7d6d481bc2ab51e24ec2dbf003f43ce40b Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 17 Jan 2011 17:33:10 -0800 Subject: Rename BUILD_NUMBER to .build_number so it's not so loud. --- .build_number | 6 ++++++ .gitattributes | 2 +- BUILD_NUMBER | 6 ------ modules/gallery/helpers/gallery.php | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) create mode 100644 .build_number delete mode 100644 BUILD_NUMBER (limited to 'modules/gallery') diff --git a/.build_number b/.build_number new file mode 100644 index 00000000..d32d51e9 --- /dev/null +++ b/.build_number @@ -0,0 +1,6 @@ +; This file keeps track of the build number for the "master" +; branch of gallery3. It's kept up to date by an automated +; process. You don't need to edit it. In fact.. +; +; DO NOT EDIT THIS FILE BY HAND! +build_number=52 diff --git a/.gitattributes b/.gitattributes index 9122eeb1..fdf9d072 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,2 +1,2 @@ -BUILD_NUMBER merge=merge-keep-ours +.build_number merge=merge-keep-ours diff --git a/BUILD_NUMBER b/BUILD_NUMBER deleted file mode 100644 index d32d51e9..00000000 --- a/BUILD_NUMBER +++ /dev/null 
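Review bot: build_number() indexes the return value of `parse_ini_file()` without checking it; the function returns false when the file is missing or cannot be parsed, and `$result["build_number"]` then gives version_string() and the upgrade comparison nothing usable. A guard such as `if (!$result || !isset($result["build_number"])) { return null; }` before the return makes the failure explicit; choose the fallback value that the callers expect, which is not visible from this hunk. The class body starts outside the hunk.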
@@ -1,6 +0,0 @@ -; This file keeps track of the build number for the "master" -; branch of gallery3. It's kept up to date by an automated -; process. You don't need to edit it. In fact.. -; -; DO NOT EDIT THIS FILE BY HAND! -build_number=52 diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php index 7a60f56a..ad9f40e8 100644 --- a/modules/gallery/helpers/gallery.php +++ b/modules/gallery/helpers/gallery.php @@ -202,10 +202,10 @@ class gallery_Core { } /** - * Return the contents of the BUILD_NUMBER file, which should be a single integer. + * Return the contents of the .build_number file, which should be a single integer. */ static function build_number() { - $result = parse_ini_file(DOCROOT . "BUILD_NUMBER"); + $result = parse_ini_file(DOCROOT . ".build_number"); return $result["build_number"]; } } \ No newline at end of file -- cgit v1.2.3 From 45caba09f81e53dfa4264bc74c4e6ed7935bd5f9 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 17 Jan 2011 20:03:11 -0800 Subject: Move the code that clears the upgrade_check site status message to the upgrader so that it's cleared any time we run an upgrade. Part of --- modules/gallery/controllers/upgrader.php | 3 +++ modules/gallery/helpers/gallery_installer.php | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php index 66c71648..0932090f 100644 --- a/modules/gallery/controllers/upgrader.php +++ b/modules/gallery/controllers/upgrader.php @@ -94,6 +94,9 @@ class Upgrader_Controller extends Controller { // If the upgrade failed, this will get recreated site_status::clear("upgrade_now"); + // Clear any upgrade check strings, we are probably up to date. + site_status::clear("upgrade_check"); + if (php_sapi_name() == "cli") { if ($failed) { print "Upgrade completed ** WITH FAILURES **\n"; 
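Review bot: This rename makes build_number() read `DOCROOT . ".build_number"`, but the commit does not touch .htaccess, where the previous commit added BUILD_NUMBER to the deny block. The pattern itself is not readable on this page, so confirm that it still matches the new name; if it lists `BUILD_NUMBER` literally, the build number file in the document root is no longer covered once that block is enabled. The docblock was updated for the new name but still says the file "should be a single integer", while it is now parsed as ini with a `build_number` key.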
diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index 41ed1c6e..1ffe9bae 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -677,9 +677,6 @@ class gallery_installer { module::set_var("gallery", "upgrade_checker_auto_enabled", true); module::set_version("gallery", $version = 46); } - - // Clear any upgrade check strings, we are probably up to date. - site_status::clear("upgrade_check"); } static function uninstall() { -- cgit v1.2.3 From 20ae106c22b9528d34fb85d09a7ab542e6c6c880 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 17 Jan 2011 21:15:33 -0800 Subject: Display a message in the "Check for Gallery upgrades" block when there's a newer version available, even if the user has dismissed the site status message. #1605. --- .../gallery/controllers/admin_upgrade_checker.php | 9 ++++++- modules/gallery/helpers/gallery_block.php | 1 + modules/gallery/helpers/upgrade_checker.php | 31 +++++++--------------- .../gallery/views/upgrade_checker_block.html.php | 8 ++++++ themes/admin_wind/css/screen.css | 2 +- 5 files changed, 27 insertions(+), 24 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/controllers/admin_upgrade_checker.php b/modules/gallery/controllers/admin_upgrade_checker.php index 4b1467cd..456a982c 100644 --- a/modules/gallery/controllers/admin_upgrade_checker.php +++ b/modules/gallery/controllers/admin_upgrade_checker.php @@ -21,7 +21,14 @@ class Admin_Upgrade_Checker_Controller extends Admin_Controller { function check_now() { access::verify_csrf(); upgrade_checker::fetch_version_info(); - upgrade_checker::check_for_upgrade(); + $message = upgrade_checker::get_upgrade_message(); + if ($message) { + $message .= " [x]"; + site_status::info($message, "upgrade_checker"); + } else { + site_status::clear("upgrade_checker"); + } url::redirect("admin/dashboard"); } 
diff --git a/modules/gallery/helpers/gallery_block.php b/modules/gallery/helpers/gallery_block.php index 2189a710..fed786cc 100644 --- a/modules/gallery/helpers/gallery_block.php +++ b/modules/gallery/helpers/gallery_block.php @@ -111,6 +111,7 @@ class gallery_block_Core { $block->content = new View("upgrade_checker_block.html"); $block->content->version_info = upgrade_checker::version_info(); $block->content->auto_check_enabled = upgrade_checker::auto_check_enabled(); + $block->content->new_version = upgrade_checker::get_upgrade_message(); } return $block; } diff --git a/modules/gallery/helpers/upgrade_checker.php b/modules/gallery/helpers/upgrade_checker.php index 0e72bb94..f92203c8 100644 --- a/modules/gallery/helpers/upgrade_checker.php +++ b/modules/gallery/helpers/upgrade_checker.php 
@@ -77,40 +77,27 @@ class upgrade_checker_Core { /** * Check the latest version info blob to see if it's time for an upgrade. */ - static function check_for_upgrade() { + static function get_upgrade_message() { $version_info = upgrade_checker::version_info(); - $upgrade_available = false; if ($version_info) { if (gallery::RELEASE_CHANNEL == "release") { if (version_compare($version_info->data["release_version"], gallery::VERSION, ">")) { - site_status::warning( - t("A newer version of Gallery is available! Upgrade now to version %version or wait until later.", - array("version" => $version_info->data["release_version"], - "upgrade-url" => $version_info->data["release_upgrade_url"], - "hide-url" => url::site("admin/upgrade_checker/remind_me_later?csrf=__CSRF__"))), - "upgrade_checker"); - $upgrade_available = true; + return t("A newer version of Gallery is available! Upgrade now to version %version", + array("version" => $version_info->data["release_version"], + "upgrade-url" => $version_info->data["release_upgrade_url"])); } } else { $branch = gallery::RELEASE_BRANCH; if (isset($version_info->data["branch_{$branch}_build_number"]) && version_compare($version_info->data["branch_{$branch}_build_number"], gallery::build_number(), ">")) { - site_status::warning( - t("A newer version of Gallery is available! Upgrade now to version %version (build %build on branch %branch) or wait until later.", - array("version" => $version_info->data["branch_{$branch}_version"], - "upgrade-url" => $version_info->data["branch_{$branch}_upgrade_url"], - "build" => $version_info->data["branch_{$branch}_build_number"], - "branch" => $branch, - "hide-url" => url::site("admin/upgrade_checker/remind_me_later?csrf=__CSRF__"))), - "upgrade_checker"); - $upgrade_available = true; + return t("A newer version of Gallery is available! 
Upgrade now to version %version (build %build on branch %branch)", + array("version" => $version_info->data["branch_{$branch}_version"], + "upgrade-url" => $version_info->data["branch_{$branch}_upgrade_url"], + "build" => $version_info->data["branch_{$branch}_build_number"], + "branch" => $branch)); } } } - - if (!$upgrade_available) { - site_status::clear("upgrade_checker"); - } } } diff --git a/modules/gallery/views/upgrade_checker_block.html.php b/modules/gallery/views/upgrade_checker_block.html.php index 30e18305..b04887b2 100644 --- a/modules/gallery/views/upgrade_checker_block.html.php +++ b/modules/gallery/views/upgrade_checker_block.html.php @@ -11,6 +11,14 @@

      + +
        +
      • + +
      • +
      + +

      "> diff --git a/themes/admin_wind/css/screen.css b/themes/admin_wind/css/screen.css index 7d491cb7..a5376ff6 100644 --- a/themes/admin_wind/css/screen.css +++ b/themes/admin_wind/css/screen.css @@ -888,10 +888,10 @@ button { background-position: .4em .3em; border: 1px solid #ccc; padding: 0; + margin-bottom: 1em; } #g-action-status { - margin-bottom: 1em; } #g-action-status li, -- cgit v1.2.3 From 83bf1d767b9dac33ca1c2f01141358cd0b657523 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 17 Jan 2011 21:18:24 -0800 Subject: Fix typo: upgrade_check -> upgrade_checker #1605. --- modules/gallery/controllers/upgrader.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery') diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php index 0932090f..6a34f19f 100644 --- a/modules/gallery/controllers/upgrader.php +++ b/modules/gallery/controllers/upgrader.php @@ -95,7 +95,7 @@ class Upgrader_Controller extends Controller { site_status::clear("upgrade_now"); // Clear any upgrade check strings, we are probably up to date. - site_status::clear("upgrade_check"); + site_status::clear("upgrade_checker"); if (php_sapi_name() == "cli") { if ($failed) { -- cgit v1.2.3 From 56e6cb998f9b2f55af88fef426f8a69cc0058cb2 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 17 Jan 2011 21:37:51 -0800 Subject: Change the [x] close box to "(remind me later)". #1605. --- modules/gallery/controllers/admin_upgrade_checker.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/controllers/admin_upgrade_checker.php b/modules/gallery/controllers/admin_upgrade_checker.php index 456a982c..366bd64e 100644 --- a/modules/gallery/controllers/admin_upgrade_checker.php +++ b/modules/gallery/controllers/admin_upgrade_checker.php 
@@ -23,8 +23,9 @@ class Admin_Upgrade_Checker_Controller extends Admin_Controller { upgrade_checker::fetch_version_info(); $message = upgrade_checker::get_upgrade_message(); if ($message) { - $message .= " [x]"; + $message .= t( + " (remind me later)", + array("url" => url::site("admin/upgrade_checker/remind_me_later?csrf=__CSRF__"))); site_status::info($message, "upgrade_checker"); } else { site_status::clear("upgrade_checker"); -- cgit v1.2.3 From 08c41f2976cb49b85ec896b11735edb008d53881 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 21 Jan 2011 00:07:00 -0800 Subject: Add "html_attributes" theme callback to allow modules to inject attributes into the element, including things like namespaces. Fixes #1615. --- modules/gallery/libraries/Admin_View.php | 1 + modules/gallery/libraries/Theme_View.php | 1 + themes/admin_wind/views/admin.html.php | 2 +- themes/wind/views/page.html.php | 2 +- 4 files changed, 4 insertions(+), 2 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/libraries/Admin_View.php b/modules/gallery/libraries/Admin_View.php index 1a633a34..b5d3871e 100644 --- a/modules/gallery/libraries/Admin_View.php +++ b/modules/gallery/libraries/Admin_View.php @@ -86,6 +86,7 @@ class Admin_View_Core extends Gallery_View { case "admin_page_top": case "admin_head": case "body_attributes": + case "html_attributes": $blocks = array(); foreach (module::active() as $module) { $helper_class = "{$module->name}_theme"; diff --git a/modules/gallery/libraries/Theme_View.php b/modules/gallery/libraries/Theme_View.php index 04784ca1..cdc7a7cd 100644 --- a/modules/gallery/libraries/Theme_View.php +++ b/modules/gallery/libraries/Theme_View.php @@ -224,6 +224,7 @@ class Theme_View_Core extends Gallery_View { case "head": case "header_bottom": case "header_top": + case "html_attributes": case "page_bottom": case "page_top": case "photo_blocks": 
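Review bot: The "(remind me later)" link added in modules/gallery/controllers/admin_upgrade_checker.php dismisses the upgrade notice through a GET URL that carries the CSRF token in its query string (`remind_me_later?csrf=__CSRF__`), so the token can end up in browser history, proxy and server logs, and Referer headers. The `remind_me_later` handler is not part of this hunk; it should reject any request whose token does not validate (Gallery's `access::verify_csrf()`), and a small form POST would keep the token out of the URL altogether. The message passed to `site_status::info()` holds the literal `__CSRF__` placeholder rather than a live token, which looks deliberate; a comment above the `t(` call such as `// __CSRF__ stays a placeholder here so no session token is stored with the status message` would record that, assuming the placeholder is substituted at render time. The enclosing method starts and ends outside the hunk.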
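Review bot: The `html_attributes` case added to the switch in modules/gallery/libraries/Admin_View.php, and the matching one in Theme_View.php, comes with no stated contract for what a module's theme helper may return. The two view hunks that follow (admin.html.php and page.html.php) print `html_attributes()` directly into what appears to be the opening html tag; the markup is stripped in this rendering, but the XSS golden file later in the series records both outputs as DIRTY. Whatever an active module returns is therefore emitted unescaped in attribute context. I would document the callback next to the new case, for example `// html_attributes: return attribute text only (name="value" pairs); values must already be escaped for attribute context`. The switch and its enclosing method start and end outside both hunks.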
diff --git a/themes/admin_wind/views/admin.html.php b/themes/admin_wind/views/admin.html.php index 54b30c6f..9e011c69 100644 --- a/themes/admin_wind/views/admin.html.php +++ b/themes/admin_wind/views/admin.html.php @@ -1,7 +1,7 @@ - +html_attributes() ?> xml:lang="en" lang="en"> start_combining("script,css") ?> diff --git a/themes/wind/views/page.html.php b/themes/wind/views/page.html.php index 441866d5..0e5bdf6b 100644 --- a/themes/wind/views/page.html.php +++ b/themes/wind/views/page.html.php @@ -1,7 +1,7 @@ - +html_attributes() ?> xml:lang="en" lang="en"> start_combining("script,css") ?> -- cgit v1.2.3 From 423daa52d55a5298b461384baedc995eee09a0d1 Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Fri, 21 Jan 2011 23:01:06 -0800 Subject: Update copyright to 2011. --- application/Bootstrap.php | 2 +- application/config/config.php | 2 +- index.php | 2 +- installer/cli.php | 2 +- installer/index.php | 2 +- installer/installer.php | 2 +- installer/web.php | 2 +- modules/akismet/controllers/admin_akismet.php | 2 +- modules/akismet/helpers/akismet.php | 2 +- modules/akismet/helpers/akismet_event.php | 2 +- modules/akismet/helpers/akismet_installer.php | 2 +- modules/akismet/tests/Akismet_Helper_Test.php | 2 +- modules/comment/controllers/admin_comments.php | 2 +- modules/comment/controllers/admin_manage_comments.php | 2 +- modules/comment/controllers/comments.php | 2 +- modules/comment/helpers/comment.php | 2 +- modules/comment/helpers/comment_block.php | 2 +- modules/comment/helpers/comment_event.php | 2 +- modules/comment/helpers/comment_installer.php | 2 +- modules/comment/helpers/comment_rest.php | 2 +- modules/comment/helpers/comment_rss.php | 2 +- modules/comment/helpers/comment_theme.php | 2 +- modules/comment/helpers/comments_rest.php | 2 +- modules/comment/helpers/item_comments_rest.php | 2 +- modules/comment/models/comment.php | 2 +- modules/comment/tests/Comment_Event_Test.php | 2 +- modules/comment/tests/Comment_Helper_Test.php | 2 +- modules/comment/tests/Comment_Model_Test.php | 2 +- modules/digibug/config/digibug.php | 2 +- modules/digibug/controllers/admin_digibug.php | 2 +- modules/digibug/controllers/digibug.php | 2 +- modules/digibug/helpers/digibug_event.php | 2 +- modules/digibug/helpers/digibug_installer.php | 2 +- modules/digibug/helpers/digibug_theme.php | 2 +- modules/digibug/models/digibug_proxy.php | 2 +- modules/digibug/tests/Digibug_Controller_Test.php | 2 +- modules/exif/controllers/exif.php | 2 +- modules/exif/helpers/exif.php | 2 +- modules/exif/helpers/exif_event.php | 2 +- modules/exif/helpers/exif_installer.php | 2 +- modules/exif/helpers/exif_task.php | 2 +- modules/exif/helpers/exif_theme.php | 2 +- 
modules/exif/models/exif_key.php | 2 +- modules/exif/models/exif_record.php | 2 +- modules/exif/tests/Exif_Test.php | 2 +- modules/g2_import/controllers/admin_g2_import.php | 2 +- modules/g2_import/controllers/g2.php | 2 +- modules/g2_import/helpers/g2_import.php | 2 +- modules/g2_import/helpers/g2_import_event.php | 2 +- modules/g2_import/helpers/g2_import_installer.php | 2 +- modules/g2_import/helpers/g2_import_task.php | 2 +- modules/g2_import/libraries/G2_Import_Exception.php | 2 +- modules/g2_import/models/g2_map.php | 2 +- modules/gallery/config/cache.php | 2 +- modules/gallery/config/cookie.php | 2 +- modules/gallery/config/database.php | 2 +- modules/gallery/config/locale.php | 2 +- modules/gallery/config/log_file.php | 2 +- modules/gallery/config/routes.php | 2 +- modules/gallery/config/session.php | 2 +- modules/gallery/config/upload.php | 2 +- modules/gallery/config/user_agents.php | 2 +- modules/gallery/controllers/admin.php | 2 +- modules/gallery/controllers/admin_advanced_settings.php | 2 +- modules/gallery/controllers/admin_dashboard.php | 2 +- modules/gallery/controllers/admin_graphics.php | 2 +- modules/gallery/controllers/admin_languages.php | 2 +- modules/gallery/controllers/admin_maintenance.php | 2 +- modules/gallery/controllers/admin_modules.php | 2 +- modules/gallery/controllers/admin_sidebar.php | 2 +- modules/gallery/controllers/admin_theme_options.php | 2 +- modules/gallery/controllers/admin_themes.php | 2 +- modules/gallery/controllers/admin_upgrade_checker.php | 2 +- modules/gallery/controllers/albums.php | 2 +- modules/gallery/controllers/combined.php | 2 +- modules/gallery/controllers/file_proxy.php | 2 +- modules/gallery/controllers/items.php | 2 +- modules/gallery/controllers/l10n_client.php | 2 +- modules/gallery/controllers/login.php | 2 +- modules/gallery/controllers/logout.php | 2 +- modules/gallery/controllers/movies.php | 2 +- modules/gallery/controllers/packager.php | 2 +- modules/gallery/controllers/permissions.php | 2 +- 
modules/gallery/controllers/photos.php | 2 +- modules/gallery/controllers/quick.php | 2 +- modules/gallery/controllers/reauthenticate.php | 2 +- modules/gallery/controllers/upgrader.php | 2 +- modules/gallery/controllers/uploader.php | 2 +- modules/gallery/controllers/user_profile.php | 2 +- modules/gallery/controllers/welcome_message.php | 2 +- modules/gallery/helpers/MY_html.php | 2 +- modules/gallery/helpers/MY_num.php | 2 +- modules/gallery/helpers/MY_remote.php | 2 +- modules/gallery/helpers/MY_url.php | 2 +- modules/gallery/helpers/access.php | 2 +- modules/gallery/helpers/album.php | 2 +- modules/gallery/helpers/auth.php | 2 +- modules/gallery/helpers/batch.php | 2 +- modules/gallery/helpers/block_manager.php | 2 +- modules/gallery/helpers/data_rest.php | 2 +- modules/gallery/helpers/dir.php | 2 +- modules/gallery/helpers/gallery.php | 2 +- modules/gallery/helpers/gallery_block.php | 2 +- modules/gallery/helpers/gallery_error.php | 2 +- modules/gallery/helpers/gallery_event.php | 2 +- modules/gallery/helpers/gallery_graphics.php | 2 +- modules/gallery/helpers/gallery_installer.php | 2 +- modules/gallery/helpers/gallery_rss.php | 2 +- modules/gallery/helpers/gallery_task.php | 2 +- modules/gallery/helpers/gallery_theme.php | 2 +- modules/gallery/helpers/graphics.php | 2 +- modules/gallery/helpers/identity.php | 2 +- modules/gallery/helpers/item.php | 2 +- modules/gallery/helpers/item_rest.php | 2 +- modules/gallery/helpers/items_rest.php | 2 +- modules/gallery/helpers/json.php | 2 +- modules/gallery/helpers/l10n_client.php | 2 +- modules/gallery/helpers/l10n_scanner.php | 2 +- modules/gallery/helpers/locales.php | 2 +- modules/gallery/helpers/log.php | 2 +- modules/gallery/helpers/message.php | 2 +- modules/gallery/helpers/model_cache.php | 2 +- modules/gallery/helpers/module.php | 2 +- modules/gallery/helpers/movie.php | 2 +- modules/gallery/helpers/photo.php | 2 +- modules/gallery/helpers/random.php | 2 +- modules/gallery/helpers/site_status.php | 2 +- 
modules/gallery/helpers/system.php | 2 +- modules/gallery/helpers/task.php | 2 +- modules/gallery/helpers/theme.php | 2 +- modules/gallery/helpers/tree_rest.php | 2 +- modules/gallery/helpers/upgrade_checker.php | 2 +- modules/gallery/helpers/user_profile.php | 2 +- modules/gallery/helpers/xml.php | 2 +- modules/gallery/hooks/init_gallery.php | 2 +- modules/gallery/libraries/Admin_View.php | 2 +- modules/gallery/libraries/Block.php | 2 +- modules/gallery/libraries/Form_Script.php | 2 +- modules/gallery/libraries/Form_Uploadify.php | 2 +- modules/gallery/libraries/Form_Uploadify_buttons.php | 2 +- modules/gallery/libraries/Gallery_I18n.php | 2 +- modules/gallery/libraries/Gallery_View.php | 2 +- modules/gallery/libraries/IdentityProvider.php | 2 +- modules/gallery/libraries/InPlaceEdit.php | 2 +- modules/gallery/libraries/MY_Database.php | 2 +- modules/gallery/libraries/MY_Forge.php | 2 +- modules/gallery/libraries/MY_Input.php | 2 +- modules/gallery/libraries/MY_Kohana_Exception.php | 2 +- modules/gallery/libraries/MY_ORM.php | 2 +- modules/gallery/libraries/MY_Pagination.php | 2 +- modules/gallery/libraries/MY_View.php | 2 +- modules/gallery/libraries/Menu.php | 2 +- modules/gallery/libraries/ORM_MPTT.php | 2 +- modules/gallery/libraries/SafeString.php | 2 +- modules/gallery/libraries/Sendmail.php | 2 +- modules/gallery/libraries/Task_Definition.php | 2 +- modules/gallery/libraries/Theme_View.php | 2 +- modules/gallery/libraries/drivers/Cache/Database.php | 2 +- modules/gallery/libraries/drivers/IdentityProvider.php | 2 +- modules/gallery/models/access_cache.php | 2 +- modules/gallery/models/access_intent.php | 2 +- modules/gallery/models/cache.php | 2 +- modules/gallery/models/failed_auth.php | 2 +- modules/gallery/models/graphics_rule.php | 2 +- modules/gallery/models/incoming_translation.php | 2 +- modules/gallery/models/item.php | 2 +- modules/gallery/models/log.php | 2 +- modules/gallery/models/message.php | 2 +- modules/gallery/models/module.php | 2 +- 
modules/gallery/models/outgoing_translation.php | 2 +- modules/gallery/models/permission.php | 2 +- modules/gallery/models/task.php | 2 +- modules/gallery/models/theme.php | 2 +- modules/gallery/models/var.php | 2 +- modules/gallery/tests/Access_Helper_Test.php | 2 +- modules/gallery/tests/Albums_Controller_Test.php | 2 +- modules/gallery/tests/Cache_Test.php | 2 +- modules/gallery/tests/Controller_Auth_Test.php | 2 +- modules/gallery/tests/Database_Test.php | 2 +- modules/gallery/tests/Dir_Helper_Test.php | 2 +- modules/gallery/tests/DrawForm_Test.php | 2 +- modules/gallery/tests/File_Structure_Test.php | 4 ++-- modules/gallery/tests/Gallery_Filters.php | 2 +- modules/gallery/tests/Gallery_I18n_Test.php | 2 +- modules/gallery/tests/Gallery_Installer_Test.php | 2 +- modules/gallery/tests/Html_Helper_Test.php | 2 +- modules/gallery/tests/Input_Library_Test.php | 2 +- modules/gallery/tests/Item_Helper_Test.php | 2 +- modules/gallery/tests/Item_Model_Test.php | 2 +- modules/gallery/tests/Item_Rest_Helper_Test.php | 2 +- modules/gallery/tests/Items_Rest_Helper_Test.php | 2 +- modules/gallery/tests/Kohana_Exception_Test.php | 2 +- modules/gallery/tests/Locales_Helper_Test.php | 2 +- modules/gallery/tests/Menu_Test.php | 2 +- modules/gallery/tests/ORM_MPTT_Test.php | 2 +- modules/gallery/tests/Photos_Controller_Test.php | 2 +- modules/gallery/tests/SafeString_Test.php | 2 +- modules/gallery/tests/Sendmail_Test.php | 2 +- modules/gallery/tests/Url_Security_Test.php | 2 +- modules/gallery/tests/Var_Test.php | 2 +- modules/gallery/tests/Xss_Security_Test.php | 2 +- modules/gallery_unit_test/controllers/gallery_unit_test.php | 2 +- modules/gallery_unit_test/helpers/MY_request.php | 2 +- modules/gallery_unit_test/helpers/test.php | 2 +- modules/gallery_unit_test/libraries/Gallery_Unit_Test_Case.php | 2 +- modules/image_block/helpers/image_block_block.php | 2 +- modules/image_block/helpers/image_block_installer.php | 2 +- modules/info/helpers/info_block.php | 2 +- 
modules/info/helpers/info_installer.php | 2 +- modules/info/helpers/info_theme.php | 2 +- modules/kohana23_compat/config/pagination.php | 2 +- modules/kohana23_compat/libraries/MY_Database_Builder.php | 2 +- modules/kohana23_compat/libraries/Pagination.php | 2 +- modules/notification/controllers/notification.php | 2 +- modules/notification/helpers/notification.php | 2 +- modules/notification/helpers/notification_event.php | 2 +- modules/notification/helpers/notification_installer.php | 2 +- modules/notification/models/pending_notification.php | 2 +- modules/notification/models/subscription.php | 2 +- modules/organize/controllers/organize.php | 2 +- modules/organize/helpers/organize_event.php | 2 +- modules/organize/helpers/organize_installer.php | 2 +- modules/recaptcha/controllers/admin_recaptcha.php | 2 +- modules/recaptcha/helpers/recaptcha.php | 2 +- modules/recaptcha/helpers/recaptcha_event.php | 2 +- modules/recaptcha/helpers/recaptcha_installer.php | 2 +- modules/recaptcha/helpers/recaptcha_theme.php | 2 +- modules/recaptcha/libraries/Form_Recaptcha.php | 2 +- modules/rest/controllers/rest.php | 2 +- modules/rest/helpers/registry_rest.php | 2 +- modules/rest/helpers/rest.php | 2 +- modules/rest/helpers/rest_event.php | 2 +- modules/rest/helpers/rest_installer.php | 2 +- modules/rest/libraries/Rest_Exception.php | 2 +- modules/rest/models/user_access_key.php | 2 +- modules/rest/tests/Rest_Controller_Test.php | 2 +- modules/rss/controllers/rss.php | 2 +- modules/rss/helpers/rss.php | 2 +- modules/rss/helpers/rss_block.php | 2 +- modules/search/controllers/search.php | 2 +- modules/search/helpers/search.php | 2 +- modules/search/helpers/search_event.php | 2 +- modules/search/helpers/search_installer.php | 2 +- modules/search/helpers/search_task.php | 2 +- modules/search/helpers/search_theme.php | 2 +- modules/search/models/search_record.php | 2 +- modules/server_add/controllers/admin_server_add.php | 2 +- modules/server_add/controllers/server_add.php | 2 +- 
modules/server_add/helpers/server_add.php | 2 +- modules/server_add/helpers/server_add_event.php | 2 +- modules/server_add/helpers/server_add_installer.php | 2 +- modules/server_add/helpers/server_add_theme.php | 2 +- modules/server_add/models/server_add_entry.php | 2 +- modules/slideshow/helpers/slideshow_event.php | 2 +- modules/slideshow/helpers/slideshow_installer.php | 2 +- modules/slideshow/helpers/slideshow_theme.php | 2 +- modules/tag/controllers/admin_tags.php | 2 +- modules/tag/controllers/tag.php | 2 +- modules/tag/controllers/tags.php | 2 +- modules/tag/helpers/item_tags_rest.php | 2 +- modules/tag/helpers/tag.php | 2 +- modules/tag/helpers/tag_block.php | 2 +- modules/tag/helpers/tag_event.php | 2 +- modules/tag/helpers/tag_installer.php | 2 +- modules/tag/helpers/tag_item_rest.php | 2 +- modules/tag/helpers/tag_items_rest.php | 2 +- modules/tag/helpers/tag_rest.php | 2 +- modules/tag/helpers/tag_rss.php | 2 +- modules/tag/helpers/tag_task.php | 2 +- modules/tag/helpers/tag_theme.php | 2 +- modules/tag/helpers/tags_rest.php | 2 +- modules/tag/models/tag.php | 2 +- modules/tag/tests/Tag_Item_Rest_Helper_Test.php | 2 +- modules/tag/tests/Tag_Rest_Helper_Test.php | 2 +- modules/tag/tests/Tag_Test.php | 2 +- modules/tag/tests/Tags_Rest_Helper_Test.php | 2 +- modules/user/config/identity.php | 2 +- modules/user/controllers/admin_users.php | 2 +- modules/user/controllers/password.php | 2 +- modules/user/controllers/users.php | 2 +- modules/user/helpers/group.php | 2 +- modules/user/helpers/user.php | 2 +- modules/user/helpers/user_event.php | 2 +- modules/user/helpers/user_installer.php | 2 +- modules/user/helpers/user_theme.php | 2 +- modules/user/libraries/drivers/IdentityProvider/Gallery.php | 2 +- modules/user/models/group.php | 2 +- modules/user/models/user.php | 2 +- modules/user/tests/No_Direct_ORM_Access_Test.php | 2 +- modules/user/tests/User_Groups_Test.php | 2 +- modules/user/tests/User_Installer_Test.php | 2 +- 
modules/watermark/controllers/admin_watermarks.php | 2 +- modules/watermark/helpers/watermark.php | 2 +- modules/watermark/helpers/watermark_event.php | 2 +- modules/watermark/helpers/watermark_installer.php | 2 +- 295 files changed, 296 insertions(+), 296 deletions(-) (limited to 'modules/gallery') diff --git a/application/Bootstrap.php b/application/Bootstrap.php index fbd83ce1..ff021fd5 100644 --- a/application/Bootstrap.php +++ b/application/Bootstrap.php @@ -1,7 +1,7 @@ Date: Fri, 21 Jan 2011 23:09:27 -0800 Subject: Update XSS golden file --- modules/gallery/tests/xss_data.txt | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 609f786a..0c812fb4 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -248,6 +248,7 @@ modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $permi modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $item->id modules/gallery/views/quick_delete_confirm.html.php 11 DIRTY $form modules/gallery/views/reauthenticate.html.php 9 DIRTY $form +modules/gallery/views/upgrade_checker_block.html.php 17 DIRTY $new_version modules/gallery/views/upgrader.html.php 76 DIRTY_ATTR $done?"muted":"" modules/gallery/views/upgrader.html.php 94 DIRTY_ATTR $done?"muted":"" modules/gallery/views/upgrader.html.php 102 DIRTY_ATTR $module->version==$module->code_version?"current":"upgradeable" 
@@ -338,8 +339,8 @@ modules/server_add/views/server_add_tree_dialog.html.php 4 DIRTY_JS url::s modules/server_add/views/server_add_tree_dialog.html.php 21 DIRTY $tree modules/tag/views/admin_tags.html.php 45 DIRTY_ATTR $tag->id modules/tag/views/admin_tags.html.php 46 DIRTY $tag->count -modules/tag/views/tag_block.html.php 26 DIRTY $cloud -modules/tag/views/tag_block.html.php 28 DIRTY $form +modules/tag/views/tag_block.html.php 28 DIRTY $cloud +modules/tag/views/tag_block.html.php 30 DIRTY $form modules/tag/views/tag_cloud.html.php 4 DIRTY_ATTR (int)(($tag->count/$max_count)*7) modules/tag/views/tag_cloud.html.php 5 DIRTY $tag->count modules/tag/views/tag_cloud.html.php 6 DIRTY_JS $tag->url() @@ -363,6 +364,7 @@ modules/user/views/admin_users_group.html.php 24 DIRTY_JS $group modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $width modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $height modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $url +themes/admin_wind/views/admin.html.php 4 DIRTY $theme->html_attributes() themes/admin_wind/views/admin.html.php 31 DIRTY $theme->admin_head() themes/admin_wind/views/admin.html.php 40 DIRTY_JS $theme->url() themes/admin_wind/views/admin.html.php 45 DIRTY $theme->get_combined("script") @@ -408,6 +410,7 @@ themes/wind/views/dynamic.html.php 17 DIRTY_ATTR $chi themes/wind/views/dynamic.html.php 29 DIRTY $theme->paginator() themes/wind/views/movie.html.php 5 DIRTY $theme->paginator() themes/wind/views/movie.html.php 9 DIRTY $item->movie_img(array("class"=>"g-movie","id"=>"g-item-id-{$item->id}")) +themes/wind/views/page.html.php 4 DIRTY $theme->html_attributes() themes/wind/views/page.html.php 10 DIRTY $page_title themes/wind/views/page.html.php 13 DIRTY $theme->item()->title themes/wind/views/page.html.php 17 DIRTY item::root()->title -- cgit v1.2.3