From 1ada27916fa4575f6b093db17f4165d8cce16088 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Thu, 11 Feb 2010 05:24:16 -0800
Subject: Use the admin/users/edit_user_form version of the user editing form
 right after initial install so that we're not requiring the user to re-enter
 the auto-generated password to change their password and email.

Fixes ticket #1007
---
 modules/gallery/views/welcome_message.html.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/views/welcome_message.html.php b/modules/gallery/views/welcome_message.html.php
index caeeff66..4d6ed726 100644
--- a/modules/gallery/views/welcome_message.html.php
+++ b/modules/gallery/views/welcome_message.html.php
@@ -15,12 +15,15 @@
   </p>
 
   <p>
-    <a href="<?= url::site("user_profile/show/{$user->id}") ?>"
+    <a href="<?= url::site("admin/users/edit_user_form/{$user->id}") ?>"
       title="<?= t("Edit your profile")->for_html_attr() ?>"
       id="g-after-install-change-password-link"
       class="g-button ui-state-default ui-corners-all">
       <?= t("Change password and email now") ?>
     </a>
+    <script type="text/javascript">
+      $("#g-after-install-change-password-link").gallery_dialog();
+    </script>
   </p>
 
   <p>
-- 
cgit v1.2.3


From 6353a7c2decd62098ebc96951c38c9aade44fc4c Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Thu, 11 Feb 2010 14:28:32 -0800
Subject: Security: Fix leaking of album / photo names. Reject previous fix for
 ticket 1009. Side effect: Renaming auth::required_login() to login_page().

---
 modules/gallery/controllers/albums.php | 12 +++++++++---
 modules/gallery/controllers/movies.php |  7 ++-----
 modules/gallery/controllers/photos.php | 11 ++++-------
 modules/gallery/helpers/access.php     |  7 ++++++-
 modules/gallery/helpers/auth.php       |  7 ++++---
 5 files changed, 25 insertions(+), 19 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index e1985cfb..c2b474ee 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -26,12 +26,18 @@ class Albums_Controller extends Items_Controller {
     if (!is_object($album)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      Kohana::show_404();
+      throw new Kohana_404_Exception();
     }
 
     if (!access::can("view", $album)) {
-      print auth::require_login();
-      return;
+      if ($album->id == 1) {
+        // Even show the login page to logged in users.
+        // It's a better user experience than a "Dang" error page.
+        print auth::login_page();
+        return;
+      } else {
+        access::required("view", $album);
+      }
     }
 
     $page_size = module::get_var("gallery", "page_size", 9);
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php
index 8041066e..78a56e81 100644
--- a/modules/gallery/controllers/movies.php
+++ b/modules/gallery/controllers/movies.php
@@ -22,13 +22,10 @@ class Movies_Controller extends Items_Controller {
     if (!is_object($movie)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      Kohana::show_404();
+      throw new Kohana_404_Exception();
     }
 
-    if (!access::can("view", $movie)) {
-      print auth::require_login();
-      return;
-    }
+    access::required("view", $movie);
 
     $where = array(array("type", "!=", "album"));
     $position = $movie->parent()->get_position($movie, $where);
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index 778e9ae7..f2d47eec 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -22,14 +22,11 @@ class Photos_Controller extends Items_Controller {
     if (!is_object($photo)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      Kohana::show_404();
+      throw new Kohana_404_Exception();
     }
-
-    if (!access::can("view", $photo)) {
-      print auth::require_login();
-      return;
-    }
-
+  
+    access::required("view", $photo);
+  
     $where = array(array("type", "!=", "album"));
     $position = $photo->parent()->get_position($photo, $where);
     if ($position > 1) {
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index 29b981e8..7e8b079a 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -118,7 +118,12 @@ class access_Core {
    */
   static function required($perm_name, $item) {
     if (!self::can($perm_name, $item)) {
-      self::forbidden();
+      if ($perm_name == "view") {
+        // Treat as if the item didn't exist, don't leak any information.
+        throw new Kohana_404_Exception();
+      } else {
+        self::forbidden();
+      }
     }
   }
 
diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php
index f5454f85..8b0ce470 100644
--- a/modules/gallery/helpers/auth.php
+++ b/modules/gallery/helpers/auth.php
@@ -132,15 +132,16 @@ class auth_Core {
   }
 
   /**
-   * Redirect to the login page.
+   * Returns the themed login page.
    */
-  static function require_login() {
+  static function login_page($continue_url=null) {
     $view = new Theme_View("page.html", "other", "login");
     $view->page_title = t("Log in to Gallery");
     $view->content = new View("login_ajax.html");
     $view->content->form = auth::get_login_form("login/auth_html");
     // Avoid anti-phishing protection by passing the url as session variable.
-    Session::instance()->set("continue_url", url::current(true));
+    $continue_url or $continue_url = url::current(true);
+    Session::instance()->set("continue_url", $continue_url);
     return $view;
   }
 }
\ No newline at end of file
-- 
cgit v1.2.3


From 3439671bcfb99c1884285e4b4e53295f044e688f Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Fri, 12 Feb 2010 09:52:57 -0800
Subject: 1) Add a depth parameter to retrieving an item thru the rest api 2)
 Standardize the structure of members so that client programs can consistently
    parse the return information. 3) Added a summary parameter so that client
 programs can easily determine if the    information returned is summary (item
 type, item title) or the full meal deal

---
 modules/gallery/helpers/item_rest.php | 14 ++++--------
 modules/gallery/models/item.php       | 41 +++++++++++++++++++++++++++++------
 2 files changed, 38 insertions(+), 17 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/helpers/item_rest.php b/modules/gallery/helpers/item_rest.php
index c0fc422a..72230d8b 100644
--- a/modules/gallery/helpers/item_rest.php
+++ b/modules/gallery/helpers/item_rest.php
@@ -30,6 +30,9 @@ class item_rest_Core {
    *   name=<substring>
    *     only return items where the name contains this substring
    *
+   *   depth=<number>
+   *     return the children to the depth specified.
+   *
    *   random=true
    *     return a single random item
    *
@@ -70,16 +73,7 @@ class item_rest_Core {
       $orm->where("type", "IN", explode(",", $p->type));
     }
 
-    $members = array();
-    foreach ($orm->find_all() as $child) {
-      $members[] = rest::url("item", $child);
-    }
-
-    return array(
-      "url" => $request->url,
-      "entity" => $item->as_restful_array(),
-      "members" => $members,
-      "relationships" => rest::relationships("item", $item));
+    return  $item->as_restful_array(isset($p->depth) ? $p->depth : 0);
   }
 
   static function put($request) {
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index dbd56fa2..a1be4fbc 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -918,22 +918,49 @@ class Item_Model extends ORM_MPTT {
   /**
    * Same as ORM::as_array() but convert id fields into their RESTful form.
    */
-  public function as_restful_array() {
+  public function as_restful_array($depth=0, $level=0) {
     // Convert item ids to rest URLs for consistency
-    $data = $this->as_array();
+    $data = array("url" => rest::url("item", $this),
+                  "entity" => $this->as_array(),
+                  "members" => array(),
+                  "relationships" => array());
+
     if ($tmp = $this->parent()) {
-      $data["parent"] = rest::url("item", $tmp);
+      $data["entity"]["parent"] = rest::url("item", $tmp);
     }
-    unset($data["parent_id"]);
+    unset($data["entity"]["parent_id"]);
     if ($tmp = $this->album_cover()) {
-      $data["album_cover"] = rest::url("item", $tmp);
+      $data["entity"]["album_cover"] = rest::url("item", $tmp);
     }
-    unset($data["album_cover_item_id"]);
+    unset($data["entity"]["album_cover_item_id"]);
 
     // Elide some internal-only data that is going to cause confusion in the client.
     foreach (array("relative_path_cache", "relative_url_cache", "left_ptr", "right_ptr") as $key) {
-      unset($data[$key]);
+      unset($data["entity"][$key]);
+    }
+
+    // check that we have given enough information. At this point we don't
+    // return relationships and we give enough information to determine how to handle
+    // the children.
+    $summarize = $depth < $level;
+    if (!$summarize) {
+      $data["relationships"] = rest::relationships("item", $this);
+    }
+
+    $next_level = $level + 1;
+    foreach ($this->children() as $child) {
+      if ($summarize) {
+        $data["members"][] = array("url" => rest::url("item", $child),
+                                   "entity" => array("title" => $child->title,
+                                                     "type" => $child->type),
+                                   "members" => array(),
+                                   "summary" => true,
+                                   "relationships" => array());
+      } else {
+        $data["members"][] = $child->as_restful_array($depth, $next_level);
+      }
     }
+    $data["summary"] = $summarize;
     return $data;
   }
 }
-- 
cgit v1.2.3


From ce71ea6aa7eac72e54b1a9d7722c87beb61327de Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Fri, 12 Feb 2010 04:53:26 -0800
Subject: Revert "1) Add a depth parameter to retrieving an item thru the rest
 api"

This reverts commit 3439671bcfb99c1884285e4b4e53295f044e688f.
---
 modules/gallery/helpers/item_rest.php | 14 ++++++++----
 modules/gallery/models/item.php       | 41 ++++++-----------------------------
 2 files changed, 17 insertions(+), 38 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/helpers/item_rest.php b/modules/gallery/helpers/item_rest.php
index 72230d8b..c0fc422a 100644
--- a/modules/gallery/helpers/item_rest.php
+++ b/modules/gallery/helpers/item_rest.php
@@ -30,9 +30,6 @@ class item_rest_Core {
    *   name=<substring>
    *     only return items where the name contains this substring
    *
-   *   depth=<number>
-   *     return the children to the depth specified.
-   *
    *   random=true
    *     return a single random item
    *
@@ -73,7 +70,16 @@ class item_rest_Core {
       $orm->where("type", "IN", explode(",", $p->type));
     }
 
-    return  $item->as_restful_array(isset($p->depth) ? $p->depth : 0);
+    $members = array();
+    foreach ($orm->find_all() as $child) {
+      $members[] = rest::url("item", $child);
+    }
+
+    return array(
+      "url" => $request->url,
+      "entity" => $item->as_restful_array(),
+      "members" => $members,
+      "relationships" => rest::relationships("item", $item));
   }
 
   static function put($request) {
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index a1be4fbc..dbd56fa2 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -918,49 +918,22 @@ class Item_Model extends ORM_MPTT {
   /**
    * Same as ORM::as_array() but convert id fields into their RESTful form.
    */
-  public function as_restful_array($depth=0, $level=0) {
+  public function as_restful_array() {
     // Convert item ids to rest URLs for consistency
-    $data = array("url" => rest::url("item", $this),
-                  "entity" => $this->as_array(),
-                  "members" => array(),
-                  "relationships" => array());
-
+    $data = $this->as_array();
     if ($tmp = $this->parent()) {
-      $data["entity"]["parent"] = rest::url("item", $tmp);
+      $data["parent"] = rest::url("item", $tmp);
     }
-    unset($data["entity"]["parent_id"]);
+    unset($data["parent_id"]);
     if ($tmp = $this->album_cover()) {
-      $data["entity"]["album_cover"] = rest::url("item", $tmp);
+      $data["album_cover"] = rest::url("item", $tmp);
     }
-    unset($data["entity"]["album_cover_item_id"]);
+    unset($data["album_cover_item_id"]);
 
     // Elide some internal-only data that is going to cause confusion in the client.
     foreach (array("relative_path_cache", "relative_url_cache", "left_ptr", "right_ptr") as $key) {
-      unset($data["entity"][$key]);
-    }
-
-    // check that we have given enough information. At this point we don't
-    // return relationships and we give enough information to determine how to handle
-    // the children.
-    $summarize = $depth < $level;
-    if (!$summarize) {
-      $data["relationships"] = rest::relationships("item", $this);
-    }
-
-    $next_level = $level + 1;
-    foreach ($this->children() as $child) {
-      if ($summarize) {
-        $data["members"][] = array("url" => rest::url("item", $child),
-                                   "entity" => array("title" => $child->title,
-                                                     "type" => $child->type),
-                                   "members" => array(),
-                                   "summary" => true,
-                                   "relationships" => array());
-      } else {
-        $data["members"][] = $child->as_restful_array($depth, $next_level);
-      }
+      unset($data[$key]);
     }
-    $data["summary"] = $summarize;
     return $data;
   }
 }
-- 
cgit v1.2.3


From d53f6d0e052fb455059170a311640fcd06cad798 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Fri, 12 Feb 2010 16:40:44 -0800
Subject: Fix for tickets 1009 and 603: Show a themed error page to guests /
 registered users (not to admins though). And show a login form to guests for
 404 (incl. insufficient view permissions) errors.

---
 modules/gallery/controllers/albums.php            |  13 +--
 modules/gallery/controllers/items.php             |   2 +-
 modules/gallery/controllers/movies.php            |   2 +-
 modules/gallery/controllers/photos.php            |   2 +-
 modules/gallery/helpers/access.php                |   2 +-
 modules/gallery/helpers/auth.php                  |  14 ---
 modules/gallery/libraries/MY_Kohana_Exception.php |  59 +++++++++-
 modules/gallery/views/error.html.php              |  12 ++
 modules/gallery/views/error_404.html.php          |  21 ++++
 modules/gallery/views/kohana_error_page.php       | 127 ----------------------
 10 files changed, 97 insertions(+), 157 deletions(-)
 create mode 100644 modules/gallery/views/error.html.php
 create mode 100644 modules/gallery/views/error_404.html.php
 delete mode 100644 modules/gallery/views/kohana_error_page.php

(limited to 'modules/gallery')

diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index c2b474ee..1cc3b1ec 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -26,19 +26,10 @@ class Albums_Controller extends Items_Controller {
     if (!is_object($album)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      throw new Kohana_404_Exception();
+      Event::run('system.404');
     }
 
-    if (!access::can("view", $album)) {
-      if ($album->id == 1) {
-        // Even show the login page to logged in users.
-        // It's a better user experience than a "Dang" error page.
-        print auth::login_page();
-        return;
-      } else {
-        access::required("view", $album);
-      }
-    }
+    access::required("view", $album);
 
     $page_size = module::get_var("gallery", "page_size", 9);
     $input = Input::instance();
diff --git a/modules/gallery/controllers/items.php b/modules/gallery/controllers/items.php
index f261e3a9..0bd47b2d 100644
--- a/modules/gallery/controllers/items.php
+++ b/modules/gallery/controllers/items.php
@@ -21,7 +21,7 @@ class Items_Controller extends Controller {
   public function __call($function, $args) {
     $item = ORM::factory("item", (int)$function);
     if (!$item->loaded()) {
-      throw new Kohana_404_Exception();
+      Event::run('system.404');
     }
 
     // Redirect to the more specific resource type, since it will render
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php
index 78a56e81..1dbcb481 100644
--- a/modules/gallery/controllers/movies.php
+++ b/modules/gallery/controllers/movies.php
@@ -22,7 +22,7 @@ class Movies_Controller extends Items_Controller {
     if (!is_object($movie)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      throw new Kohana_404_Exception();
+      Event::run('system.404');
     }
 
     access::required("view", $movie);
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index f2d47eec..2a77aea4 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -22,7 +22,7 @@ class Photos_Controller extends Items_Controller {
     if (!is_object($photo)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      throw new Kohana_404_Exception();
+      Event::run('system.404');
     }
   
     access::required("view", $photo);
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index 7e8b079a..c4c100ca 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -120,7 +120,7 @@ class access_Core {
     if (!self::can($perm_name, $item)) {
       if ($perm_name == "view") {
         // Treat as if the item didn't exist, don't leak any information.
-        throw new Kohana_404_Exception();
+        Event::run('system.404');
       } else {
         self::forbidden();
       }
diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php
index 8b0ce470..c3e9e6e9 100644
--- a/modules/gallery/helpers/auth.php
+++ b/modules/gallery/helpers/auth.php
@@ -130,18 +130,4 @@ class auth_Core {
     $session->set("admin_area_activity_timestamp", time());
     return false;
   }
-
-  /**
-   * Returns the themed login page.
-   */
-  static function login_page($continue_url=null) {
-    $view = new Theme_View("page.html", "other", "login");
-    $view->page_title = t("Log in to Gallery");
-    $view->content = new View("login_ajax.html");
-    $view->content->form = auth::get_login_form("login/auth_html");
-    // Avoid anti-phishing protection by passing the url as session variable.
-    $continue_url or $continue_url = url::current(true);
-    Session::instance()->set("continue_url", $continue_url);
-    return $view;
-  }
 }
\ No newline at end of file
diff --git a/modules/gallery/libraries/MY_Kohana_Exception.php b/modules/gallery/libraries/MY_Kohana_Exception.php
index 1c40091a..d6f1f467 100644
--- a/modules/gallery/libraries/MY_Kohana_Exception.php
+++ b/modules/gallery/libraries/MY_Kohana_Exception.php
@@ -33,6 +33,63 @@ class Kohana_Exception extends Kohana_Exception_Core {
     if ($e instanceof ORM_Validation_Exception) {
       Kohana_Log::add("error", "Validation errors: " . print_r($e->validation->errors(), 1));
     }
-    return parent::handle($e);
+    try {
+      $user = identity::active_user();
+      $try_themed_view = $user && !$user->admin;
+    } catch (Exception $e2) {
+      $try_themed_view = false;
+    }
+
+    if ($try_themed_view) {
+      try {
+        return self::_show_themed_error_page($e);
+      } catch (Exception $e3) {
+        Kohana_Log::add("error", "Exception in exception handling code: " . self::text($e3));
+        return parent::handle($e);
+      }
+    } else {
+      return parent::handle($e);
+    }
+  }
+
+  /**
+   * Shows a themed error page.
+   * @see Kohana_Exception::handle
+   */
+  private static function _show_themed_error_page(Exception $e) {
+    // Create a text version of the exception
+    $error = Kohana_Exception::text($e);
+    
+    // Add this exception to the log
+    Kohana_Log::add('error', $error);
+
+    // Manually save logs after exceptions
+    Kohana_Log::save();
+
+    if (!headers_sent()) {
+      if ($e instanceof Kohana_Exception) {
+        $e->sendHeaders();
+      } else {
+        header("HTTP/1.1 500 Internal Server Error");
+      }
+    }
+
+    $view = new Theme_View("page.html", "other", "error");
+    if ($e instanceof Kohana_404_Exception) {
+      $view->page_title = t("Dang...  Page not found!");
+      $view->content = new View("error_404.html");
+      $user = identity::active_user();
+      $view->content->is_guest = $user && $user->guest;
+      if ($view->content->is_guest) {
+        $view->content->login_form = new View("login_ajax.html");
+        $view->content->login_form->form = auth::get_login_form("login/auth_html");
+        // Avoid anti-phishing protection by passing the url as session variable.
+        Session::instance()->set("continue_url", url::current(true));
+      }
+    } else {
+      $view->page_title = t("Dang...  Something went wrong!");
+      $view->content = new View("error.html");
+    }
+    print $view;
   }
 }
\ No newline at end of file
diff --git a/modules/gallery/views/error.html.php b/modules/gallery/views/error.html.php
new file mode 100644
index 00000000..5d81b651
--- /dev/null
+++ b/modules/gallery/views/error.html.php
@@ -0,0 +1,12 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<div id="g-error">
+  <h1>
+    <?= t("Dang...  Something went wrong!") ?>
+  </h1>
+  <h2>
+    <?= t("We tried really hard, but it's broken.") ?>
+  </h2>
+  <p>
+    <?= t("Talk to your Gallery administrator for help fixing this!") ?>
+  </p>
+</div>
\ No newline at end of file
diff --git a/modules/gallery/views/error_404.html.php b/modules/gallery/views/error_404.html.php
new file mode 100644
index 00000000..e5846e65
--- /dev/null
+++ b/modules/gallery/views/error_404.html.php
@@ -0,0 +1,21 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<div id="g-error">
+  <h1>
+    <?= t("Dang...  Page not found!") ?>
+  </h1>
+  <? if ($is_guest): ?>
+    <h2>
+      <?= t("Hey wait, you're not signed in yet!") ?>
+    </h2>
+    <p>
+       <?= t("Maybe the page exists, but is only visible to authorized users.") ?>
+       <?= t("Please sign in to find out.") ?>
+    </p>
+    <?= $login_form ?>
+  <? else: ?>
+    <p>
+      <?= t("Maybe the page exists, but is only visible to authorized users.") ?>
+      <?= t("Talk to your Gallery administrator if you think this is an error for help fixing this!") ?>
+    </p>
+ <? endif; ?>
+</div>
\ No newline at end of file
diff --git a/modules/gallery/views/kohana_error_page.php b/modules/gallery/views/kohana_error_page.php
deleted file mode 100644
index b9fdcc19..00000000
--- a/modules/gallery/views/kohana_error_page.php
+++ /dev/null
@@ -1,127 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-  <head>
-    <style type="text/css">
-      body {
-        background: #fff;
-        font-size: 14px;
-        line-height: 130%;
-      }
-
-      div.big_box {
-        padding: 10px;
-        background: #eee;
-        border: solid 1px #ccc;
-        font-family: sans-serif;
-        color: #111;
-        width: 42em;
-        margin: 20px auto;
-      }
-
-      div#framework_error {
-        text-align: center;
-      }
-
-      div#error_details {
-        text-align: left;
-      }
-
-      code {
-        font-family: monospace;
-        font-size: 12px;
-        margin: 20px;
-        color: #333;
-        white-space: pre-wrap;
-        white-space: -moz-pre-wrap;
-        word-wrap: break-word;
-      }
-
-      h3 {
-        font-family: sans-serif;
-        margin: 2px 0px 0px 0px;
-        padding: 8px 0px 0px 0px;
-        border-top: 1px solid #ddd;
-      }
-
-      p {
-        padding: 0px;
-        margin: 0px 0px 10px 0px;
-      }
-
-      li, pre {
-        padding: 0px;
-        margin: 0px;
-      }
-    </style>
-    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
-    <title><?= t("Something went wrong!") ?></title>
-  </head>
-  <body>
-    <? try { $user = identity::active_user(); } catch (Exception $e) { } ?>
-    <? $admin = php_sapi_name() == "cli" || isset($user) && $user->admin ?>
-    <div class="big_box" id="framework_error">
-      <h1>
-        <?= t("Dang...  Something went wrong!") ?>
-      </h1>
-      <h2>
-        <?= t("We tried really hard, but it's broken.") ?>
-      </h2>
-      <? if (!$admin): ?>
-      <p>
-        <?= t("Talk to your Gallery administrator for help fixing this!") ?>
-      </p>
-      <? endif ?>
-    </div>
-    <? if ($admin): ?>
-    <div class="big_box" id="error_details">
-      <h2>
-        <?= t("Hey wait, you're an admin!  We can tell you stuff.") ?>
-      </h2>
-      <script type="text/javascript">
-        var show_details = function() {
-          document.getElementById("stuff").style.display = "block";
-          document.getElementById("toggle").style.display = "none";
-        }
-      </script>
-      <a id="toggle" href="#" onclick="javascript:show_details(); return false;">
-        <b><?= t("Ok.. tell me stuff!") ?></b>
-      </a>
-      <div id="stuff" style="display: none">
-        <? if (!empty($line) and !empty($file)): ?>
-        <div id="summary">
-          <h3>
-            <?= t("Help!") ?>
-          </h3>
-          <p>
-            <?= t("If this stuff doesn't make any sense to you, <a href=\"%url\">ask for help in the Gallery forums</a>!", array("url" => "http://gallery.menalto.com/forum/96")) ?>
-          </p>
-          <h3>
-            <?= t("So here's the error:") ?>
-          </h3>
-
-          <code class="block"><?= $message ?></code>
-          <p>
-            <?= t("File: <b>%file</b>, line: <b>%line</b>", array("file" => $file, "line" => $line)) ?>
-          </p>
-        </div>
-        <? endif ?>
-
-        <? $trace = $PHP_ERROR ? array_slice(debug_backtrace(), 1) : $exception->getTrace(); ?>
-        <? $trace = Kohana::backtrace($trace); ?>
-        <? if (!empty($trace)): ?>
-        <div id="stack_trace">
-          <h3>
-            <?= t("And here's how we got there:") ?>
-          </h3>
-          <?= $trace ?>
-          <? endif ?>
-        </div>
-      </div>
-      <? else: ?>
-      <? $trace = $PHP_ERROR ? array_slice(debug_backtrace(), 1) : $exception->getTraceAsString(); ?>
-      <? if (!empty($trace)): ?>
-      <? Kohana_Log::add("error", print_r($trace, 1)); ?>
-      <? endif ?>
-      <? endif ?>
-  </body>
-</html>
-- 
cgit v1.2.3


From e88e976fc4255d323a1f5919453604ecf467ed0d Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Fri, 12 Feb 2010 13:49:14 -0800
Subject: Tighten up the text.

---
 modules/gallery/views/error_404.html.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/views/error_404.html.php b/modules/gallery/views/error_404.html.php
index e5846e65..4b037a79 100644
--- a/modules/gallery/views/error_404.html.php
+++ b/modules/gallery/views/error_404.html.php
@@ -15,7 +15,7 @@
   <? else: ?>
     <p>
       <?= t("Maybe the page exists, but is only visible to authorized users.") ?>
-      <?= t("Talk to your Gallery administrator if you think this is an error for help fixing this!") ?>
+      <?= t("If you think this is an error, talk to your Gallery administrator!") ?>
     </p>
  <? endif; ?>
 </div>
\ No newline at end of file
-- 
cgit v1.2.3


From 8412aeb1337c4060a77af7c94441ca8cbc6bb4ad Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Fri, 12 Feb 2010 19:05:44 -0800
Subject: For consistency, use straight Kohana_404_Exception instead of the
 event system.

---
 modules/gallery/controllers/albums.php | 2 +-
 modules/gallery/controllers/items.php  | 2 +-
 modules/gallery/controllers/movies.php | 2 +-
 modules/gallery/controllers/photos.php | 2 +-
 modules/gallery/helpers/access.php     | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index 1cc3b1ec..036dade0 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -26,7 +26,7 @@ class Albums_Controller extends Items_Controller {
     if (!is_object($album)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      Event::run('system.404');
+      throw new Kohana_404_Exception();
     }
 
     access::required("view", $album);
diff --git a/modules/gallery/controllers/items.php b/modules/gallery/controllers/items.php
index 0bd47b2d..f261e3a9 100644
--- a/modules/gallery/controllers/items.php
+++ b/modules/gallery/controllers/items.php
@@ -21,7 +21,7 @@ class Items_Controller extends Controller {
   public function __call($function, $args) {
     $item = ORM::factory("item", (int)$function);
     if (!$item->loaded()) {
-      Event::run('system.404');
+      throw new Kohana_404_Exception();
     }
 
     // Redirect to the more specific resource type, since it will render
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php
index 1dbcb481..78a56e81 100644
--- a/modules/gallery/controllers/movies.php
+++ b/modules/gallery/controllers/movies.php
@@ -22,7 +22,7 @@ class Movies_Controller extends Items_Controller {
     if (!is_object($movie)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      Event::run('system.404');
+      throw new Kohana_404_Exception();
     }
 
     access::required("view", $movie);
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index 2a77aea4..f2d47eec 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -22,7 +22,7 @@ class Photos_Controller extends Items_Controller {
     if (!is_object($photo)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      Event::run('system.404');
+      throw new Kohana_404_Exception();
     }
   
     access::required("view", $photo);
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index c4c100ca..7e8b079a 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -120,7 +120,7 @@ class access_Core {
     if (!self::can($perm_name, $item)) {
       if ($perm_name == "view") {
         // Treat as if the item didn't exist, don't leak any information.
-        Event::run('system.404');
+        throw new Kohana_404_Exception();
       } else {
         self::forbidden();
       }
-- 
cgit v1.2.3


From 2dad1d7cd15bed3c89de11cadf4b3b5c43134f69 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Fri, 12 Feb 2010 20:59:26 -0800
Subject: Some HTML validation fixes (don't render empty <ul> lists, empty id
 attributes, use &amp; not &)

---
 modules/gallery/helpers/gallery_event.php     |  6 +++---
 modules/gallery/libraries/Menu.php            | 13 +++++++++++++
 modules/gallery/views/menu.html.php           |  4 ++--
 modules/gallery/views/menu_ajax_link.html.php |  2 +-
 modules/gallery/views/menu_dialog.html.php    |  2 +-
 modules/gallery/views/menu_link.html.php      |  2 +-
 themes/wind/views/page.html.php               |  2 +-
 7 files changed, 22 insertions(+), 9 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 63f33c12..faf1c0c6 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -336,7 +336,7 @@ class gallery_event_Core {
             ->css_class("ui-icon-rotate-ccw")
             ->ajax_handler("function(data) { " .
                            "\$.gallery_replace_image(data, \$('$thumb_css_selector')) }")
-            ->url(url::site("quick/rotate/$item->id/ccw?csrf=$csrf&from_id=$theme_item->id&page_type=$page_type")))
+            ->url(url::site("quick/rotate/$item->id/ccw?csrf=$csrf&amp;from_id=$theme_item->id&amp;page_type=$page_type")))
           ->append(
             Menu::factory("ajax_link")
             ->id("rotate_cw")
@@ -344,7 +344,7 @@ class gallery_event_Core {
             ->css_class("ui-icon-rotate-cw")
             ->ajax_handler("function(data) { " .
                            "\$.gallery_replace_image(data, \$('$thumb_css_selector')) }")
-            ->url(url::site("quick/rotate/$item->id/cw?csrf=$csrf&from_id=$theme_item->id&page_type=$page_type")));
+            ->url(url::site("quick/rotate/$item->id/cw?csrf=$csrf&amp;from_id=$theme_item->id&amp;page_type=$page_type")));
       }
 
       // @todo Don't move photos from the photo page; we don't yet have a good way of redirecting
@@ -384,7 +384,7 @@ class gallery_event_Core {
                    ->label($delete_title)
                    ->css_class("ui-icon-trash")
                    ->css_id("g-quick-delete")
-                   ->url(url::site("quick/form_delete/$item->id?csrf=$csrf&from_id=$theme_item->id&page_type=$page_type")));
+                   ->url(url::site("quick/form_delete/$item->id?csrf=$csrf&amp;from_id=$theme_item->id&amp;page_type=$page_type")));
       }
 
       if ($item->is_album()) {
diff --git a/modules/gallery/libraries/Menu.php b/modules/gallery/libraries/Menu.php
index e2b68d1a..7c76ab04 100644
--- a/modules/gallery/libraries/Menu.php
+++ b/modules/gallery/libraries/Menu.php
@@ -216,6 +216,19 @@ class Menu_Core extends Menu_Element {
     return null;
   }
 
+  public function is_empty() {
+    foreach ($this->elements as $element) {
+      if ($element instanceof Menu) {
+        if (!$element->is_empty()) {
+          return false;
+        }
+      } else {
+        return false;
+      }
+    }
+    return true;
+  }
+
   public function render() {
     $view = new View(isset($this->view) ? $this->view : "menu.html");
     $view->menu = $this;
diff --git a/modules/gallery/views/menu.html.php b/modules/gallery/views/menu.html.php
index cb49bcdf..17a249dd 100644
--- a/modules/gallery/views/menu.html.php
+++ b/modules/gallery/views/menu.html.php
@@ -1,7 +1,7 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
-<? if ($menu->elements): // Don't show the menu if it has no choices ?>
+<? if (!$menu->is_empty()): // Don't show the menu if it has no choices ?>
 <? if ($menu->is_root): ?>
-<ul <?= isset($menu->css_id) ? "id='$menu->css_id'" : "" ?> class="<?= $menu->css_class ?>">
+<ul <?= $menu->css_id ? "id='$menu->css_id'" : "" ?> class="<?= $menu->css_class ?>">
   <? foreach ($menu->elements as $element): ?>
   <?= $element->render() ?>
   <? endforeach ?>
diff --git a/modules/gallery/views/menu_ajax_link.html.php b/modules/gallery/views/menu_ajax_link.html.php
index 00a394bc..06cd6f92 100644
--- a/modules/gallery/views/menu_ajax_link.html.php
+++ b/modules/gallery/views/menu_ajax_link.html.php
@@ -1,6 +1,6 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <li>
-  <a id="<?= $menu->css_id ?>"
+  <a <?= $menu->css_id ? "id='{$menu->css_id}'" : "" ?>
      class="g-ajax-link <?= $menu->css_class ?>"
      href="<?= $menu->url ?>"
      title="<?= $menu->label->for_html_attr() ?>"
diff --git a/modules/gallery/views/menu_dialog.html.php b/modules/gallery/views/menu_dialog.html.php
index 99b1b013..b44080c3 100644
--- a/modules/gallery/views/menu_dialog.html.php
+++ b/modules/gallery/views/menu_dialog.html.php
@@ -1,6 +1,6 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <li>
-  <a id="<?= $menu->css_id ?>"
+  <a <?= $menu->css_id ? "id='{$menu->css_id}'" : "" ?>
      class="g-dialog-link <?= $menu->css_class ?>"
      href="<?= $menu->url ?>"
      title="<?= $menu->label->for_html_attr() ?>">
diff --git a/modules/gallery/views/menu_link.html.php b/modules/gallery/views/menu_link.html.php
index 8e4cdb95..a36d2754 100644
--- a/modules/gallery/views/menu_link.html.php
+++ b/modules/gallery/views/menu_link.html.php
@@ -1,6 +1,6 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <li>
-  <a id="<?= $menu->css_id ?>"
+  <a <?= $menu->css_id ? "id='{$menu->css_id}'" : "" ?>
      class="g-menu-link <?= $menu->css_class ?>"
      href="<?= $menu->url ?>"
      title="<?= $menu->label->for_html_attr() ?>">
diff --git a/themes/wind/views/page.html.php b/themes/wind/views/page.html.php
index 2dcc5d70..61e34145 100644
--- a/themes/wind/views/page.html.php
+++ b/themes/wind/views/page.html.php
@@ -91,7 +91,7 @@
           <div id="g-site-menu" style="visibility: hidden">
           <?= $theme->site_menu() ?>
           </div>
-          <script> $(document).ready(function() { $("#g-site-menu").css("visibility", "visible"); }) </script>
+          <script type="text/javascript"> $(document).ready(function() { $("#g-site-menu").css("visibility", "visible"); }) </script>
 
           <?= $theme->header_bottom() ?>
         </div>
-- 
cgit v1.2.3


From 1a951cb7f61b33437c2e9b04da0565393d072c03 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sat, 13 Feb 2010 12:35:39 -0800
Subject: HTML validation fix (<script>)

---
 modules/gallery/views/user_profile.html.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/views/user_profile.html.php b/modules/gallery/views/user_profile.html.php
index 1c3e4ea2..1c346c26 100644
--- a/modules/gallery/views/user_profile.html.php
+++ b/modules/gallery/views/user_profile.html.php
@@ -22,7 +22,7 @@
     padding: 0;
   }
 </style>
-<script>
+<script type="text/javascript">
   $(document).ready(function() {
     $("#g-profile-return").click(function(event) {
       history.go(-1);
-- 
cgit v1.2.3


From 0f66db51efc427482aaf3b575fff84f015a3a2ab Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sat, 13 Feb 2010 18:03:46 -0800
Subject: Change JavaScript reauthentication check to check via XHR. Benefit:
 Getting the real deadline this way, not interfering with an ongoing
 maintenance task.

---
 modules/gallery/controllers/admin.php     | 21 +++++++++++++++++++++
 modules/gallery/helpers/gallery_theme.php | 17 +++++++++++------
 2 files changed, 32 insertions(+), 6 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index 7706e9fc..838c2b50 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -29,6 +29,9 @@ class Admin_Controller extends Controller {
   }
 
   public function __call($controller_name, $args) {
+    if (Input::instance()->get("reauth_check")) {
+      return self::_reauth_check();
+    }
     if (auth::must_reauth_for_admin_area()) {
       return self::_prompt_for_reauth($controller_name, $args);
     }
@@ -54,6 +57,24 @@ class Admin_Controller extends Controller {
     call_user_func_array(array(new $controller_name, $method), $args);
   }
 
+  private static function _reauth_check() {
+    $session = Session::instance();
+    $last_active_auth = $session->get("active_auth_timestamp", 0);
+    $last_admin_area_activity = $session->get("admin_area_activity_timestamp", 0);
+    $admin_area_timeout = module::get_var("gallery", "admin_area_timeout");
+
+    $time_remaining = max($last_active_auth, $last_admin_area_activity) +
+      $admin_area_timeout - time();
+
+    $result = new stdClass();
+    $result->result = "success";
+    if ($time_remaining < 30) {
+      $result->location = url::abs_site("");
+    }
+
+    print json_encode($result);
+  }
+
   private static function _prompt_for_reauth($controller_name, $args) {
     if (request::method() == "get" && !request::is_ajax()) {
       // Avoid anti-phishing protection by passing the url as session variable.
diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php
index 9ffeb911..ec650e1c 100644
--- a/modules/gallery/helpers/gallery_theme.php
+++ b/modules/gallery/helpers/gallery_theme.php
@@ -92,13 +92,18 @@ class gallery_theme_Core {
     }
 
     // Redirect to the root album when the admin session expires.
-    $redirect_url = url::abs_site("");
-    $admin_area_timeout = 1000 * module::get_var("gallery", "admin_area_timeout");
     $admin_session_redirect_check = '<script type="text/javascript">
-        var page_loaded_timestamp = new Date();
-        setInterval("if (new Date() - page_loaded_timestamp > ' . $admin_area_timeout .
-        ') document.location = \'' . $redirect_url . '\';", 60 * 1000);
-        </script>';
+      var adminReauthCheck = function() {
+        $.ajax({url: "' . url::site("admin?reauth_check=1") . '",
+                dataType: "json",
+                success: function(data){
+                  if ("location" in data) {
+                    document.location = data.location;
+                  }
+                }});
+      };
+      setInterval("adminReauthCheck();", 60 * 1000);
+      </script>';
     print $admin_session_redirect_check;
 
     if ($session->get("l10n_mode", false)) {
-- 
cgit v1.2.3


From 897215689c3b85e6df9085291b3a5b60b7e69b08 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Sun, 14 Feb 2010 07:32:35 -0800
Subject: Remove the dirty flags from the information returned from the rest
 request for an item.  In addition, add links to the images.

---
 modules/gallery/models/item.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index dbd56fa2..283654c7 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -930,8 +930,18 @@ class Item_Model extends ORM_MPTT {
     }
     unset($data["album_cover_item_id"]);
 
+    if (access::can("view_fillsize", $this)  && $this->is_photo()) {
+      $data["fullsize_url"] = $this->abs_url();
+    }
+
+    if ($tmp = $this->resize_url()  && $this->is_photo()) {
+      $data["resize_url"] = $tmp;
+    }
+    $data["thumb_url"] = $this->thumb_url();
+
     // Elide some internal-only data that is going to cause confusion in the client.
-    foreach (array("relative_path_cache", "relative_url_cache", "left_ptr", "right_ptr") as $key) {
+    foreach (array("relative_path_cache", "relative_url_cache", "left_ptr", "right_ptr",
+                   "thumb_dirty", "resize_dirty") as $key) {
       unset($data[$key]);
     }
     return $data;
-- 
cgit v1.2.3


From 141595e7096befe63d5c8a7176986f2e7bacbb5c Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Sun, 14 Feb 2010 07:35:03 -0800
Subject: Create an items REST collection requests that accepts a list of
 resource urls and returns the items associated with them.

---
 modules/gallery/helpers/items_rest.php | 44 ++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 modules/gallery/helpers/items_rest.php

(limited to 'modules/gallery')

diff --git a/modules/gallery/helpers/items_rest.php b/modules/gallery/helpers/items_rest.php
new file mode 100644
index 00000000..c4dd4a5f
--- /dev/null
+++ b/modules/gallery/helpers/items_rest.php
@@ -0,0 +1,44 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class items_rest_Core {
+  static function get($request) {
+
+    $items = array();
+    if (isset($request->params->url)) {
+      foreach($request->params->url as $url) {
+        $item = rest::resolve($url);
+        if (access::can("view", $item)) {
+          $members = array();
+          if ($item->type == "album") {
+            foreach ($item->children() as $child) {
+              $members[] = rest::url("item", $child);
+            }
+          }
+          $items[] = array("url" => $url,
+                           "entity" => $item->as_restful_array(),
+                           "members" => $members,
+                           "relationship" => rest::relationships("item", $item));
+        }
+      }
+    }
+
+    return $items;
+  }
+}
-- 
cgit v1.2.3


From 74471df7770784887bd44cfbe02f48ec12bf8532 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sun, 14 Feb 2010 16:12:18 -0800
Subject: Minor security tightening of IdentityProvider::change_provider().

---
 modules/gallery/libraries/IdentityProvider.php         | 5 +++++
 modules/gallery/libraries/drivers/IdentityProvider.php | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/libraries/IdentityProvider.php b/modules/gallery/libraries/IdentityProvider.php
index 3f1666eb..9fbc5e21 100644
--- a/modules/gallery/libraries/IdentityProvider.php
+++ b/modules/gallery/libraries/IdentityProvider.php
@@ -66,6 +66,11 @@ class IdentityProvider_Core {
   }
 
   static function change_provider($new_provider) {
+    if (!identity::active_user()->admin) {
+      // Below, the active user is set to the primary admin.
+      access::forbidden();
+    }
+
     $current_provider = module::get_var("gallery", "identity_provider");
     if (!empty($current_provider)) {
       module::uninstall($current_provider);
diff --git a/modules/gallery/libraries/drivers/IdentityProvider.php b/modules/gallery/libraries/drivers/IdentityProvider.php
index b7b1fbe8..09cdd093 100644
--- a/modules/gallery/libraries/drivers/IdentityProvider.php
+++ b/modules/gallery/libraries/drivers/IdentityProvider.php
@@ -26,7 +26,7 @@ interface IdentityProvider_Driver {
   public function guest();
 
   /**
-   * Return the admins user.
+   * Return the primary admin user.
    *
    * @return User_Definition the user object
    */
-- 
cgit v1.2.3


From 0eb9b43a3388b1de801cc4ffdfcbcc0e0d236858 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sun, 14 Feb 2010 17:26:57 -0800
Subject: Enable session expiration. Currently, it's set to expire sessions
 after 7 days of inactivity.

---
 modules/gallery/config/session.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/config/session.php b/modules/gallery/config/session.php
index 990fa31f..6905e299 100644
--- a/modules/gallery/config/session.php
+++ b/modules/gallery/config/session.php
@@ -39,7 +39,7 @@ $config['name'] = 'g3sid';
 /**
  * Session parameters to validate: user_agent, ip_address, expiration.
  */
-$config['validate'] = array('user_agent');
+$config['validate'] = array('user_agent', 'expiration');
 
 /**
  * Enable or disable session encryption.
-- 
cgit v1.2.3


From 30dcaaa2365ab88c0516a10bfa287fd2208dcf57 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sun, 14 Feb 2010 18:33:10 -0800
Subject: Need to allow access to ::change_provider for CLI, to make packager
 work.

---
 modules/gallery/libraries/IdentityProvider.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/libraries/IdentityProvider.php b/modules/gallery/libraries/IdentityProvider.php
index 9fbc5e21..01ea9ad7 100644
--- a/modules/gallery/libraries/IdentityProvider.php
+++ b/modules/gallery/libraries/IdentityProvider.php
@@ -66,7 +66,7 @@ class IdentityProvider_Core {
   }
 
   static function change_provider($new_provider) {
-    if (!identity::active_user()->admin) {
+    if (!identity::active_user()->admin && PHP_SAPI != "cli") {
       // Below, the active user is set to the primary admin.
       access::forbidden();
     }
-- 
cgit v1.2.3


From 667d65aea460ea601858c54976495d294d93f017 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sun, 14 Feb 2010 18:33:38 -0800
Subject: Fix for ticket 901: Wrap Gallery version string into bdo tag to
 override the BiDi algorithm. Also, properly marking the "Powere by" string
 for translation. See:
 http://www.w3.org/International/tutorials/bidi-xhtml/#Slide0420

---
 installer/install.sql                         |  4 ++--
 modules/gallery/helpers/gallery_installer.php | 13 ++++++++++---
 modules/gallery/helpers/gallery_theme.php     |  7 +++++--
 modules/gallery/module.info                   |  2 +-
 4 files changed, 18 insertions(+), 8 deletions(-)

(limited to 'modules/gallery')

diff --git a/installer/install.sql b/installer/install.sql
index dea324eb..28a9caa5 100644
--- a/installer/install.sql
+++ b/installer/install.sql
@@ -239,7 +239,7 @@ CREATE TABLE {modules} (
   UNIQUE KEY `name` (`name`)
 ) AUTO_INCREMENT=10 DEFAULT CHARSET=utf8;
 SET character_set_client = @saved_cs_client;
-INSERT INTO {modules} VALUES (1,1,'gallery',28);
+INSERT INTO {modules} VALUES (1,1,'gallery',29);
 INSERT INTO {modules} VALUES (2,1,'user',3);
 INSERT INTO {modules} VALUES (3,1,'comment',2);
 INSERT INTO {modules} VALUES (4,1,'organize',1);
@@ -389,7 +389,7 @@ INSERT INTO {vars} VALUES (NULL,'gallery','image_quality','75');
 INSERT INTO {vars} VALUES (NULL,'gallery','image_sharpen','15');
 INSERT INTO {vars} VALUES (NULL,'gallery','time_format','H:i:s');
 INSERT INTO {vars} VALUES (NULL,'gallery','show_credits','1');
-INSERT INTO {vars} VALUES (NULL,'gallery','credits','Powered by <a href=\"%url\">Gallery %version</a>');
+INSERT INTO {vars} VALUES (NULL,'gallery','credits','Powered by <a href=\"%url\">%gallery_version</a>');
 INSERT INTO {vars} VALUES (NULL,'gallery','simultaneous_upload_limit','5');
 INSERT INTO {vars} VALUES (NULL,'gallery','admin_area_timeout','5400');
 INSERT INTO {vars} VALUES (NULL,'gallery','blocks_dashboard_sidebar','a:4:{i:2;a:2:{i:0;s:7:\"gallery\";i:1;s:11:\"block_adder\";}i:3;a:2:{i:0;s:7:\"gallery\";i:1;s:5:\"stats\";}i:4;a:2:{i:0;s:7:\"gallery\";i:1;s:13:\"platform_info\";}i:5;a:2:{i:0;s:7:\"gallery\";i:1;s:12:\"project_news\";}}');
diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php
index dd53cf43..45d991af 100644
--- a/modules/gallery/helpers/gallery_installer.php
+++ b/modules/gallery/helpers/gallery_installer.php
@@ -284,11 +284,13 @@ class gallery_installer {
     module::set_var("gallery", "date_time_format", "Y-M-d H:i:s");
     module::set_var("gallery", "time_format", "H:i:s");
     module::set_var("gallery", "show_credits", 1);
-    // @todo this string needs to be picked up by l10n_scanner
-    module::set_var("gallery", "credits", "Powered by <a href=\"%url\">Gallery %version</a>");
+    // Mark string for translation
+    $powered_by_string = t("Powered by <a href=\"%url\">%gallery_version</a>",
+                           array("locale" => "root"));
+    module::set_var("gallery", "credits", $powered_by_string);
     module::set_var("gallery", "simultaneous_upload_limit", 5);
     module::set_var("gallery", "admin_area_timeout", 90 * 60);
-    module::set_version("gallery", 28);
+    module::set_version("gallery", 29);
   }
 
   static function upgrade($version) {
@@ -538,6 +540,11 @@ class gallery_installer {
       module::set_var("gallery", "admin_area_timeout", 90 * 60);
       module::set_version("gallery", $version = 28);
     }
+
+    if ($version == 28) {
+      module::set_var("gallery", "credits", "Powered by <a href=\"%url\">%gallery_version</a>");
+      module::set_version("gallery", $version = 29);
+    }
   }
 
   static function uninstall() {
diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php
index ec650e1c..d6944323 100644
--- a/modules/gallery/helpers/gallery_theme.php
+++ b/modules/gallery/helpers/gallery_theme.php
@@ -112,9 +112,12 @@ class gallery_theme_Core {
   }
 
   static function credits() {
-     return "<li class=\"g-first\">" .
+    $version_string = SafeString::of_safe_html(
+        '<bdo dir="ltr">Gallery ' . gallery::VERSION . '</bdo>');
+    return "<li class=\"g-first\">" .
       t(module::get_var("gallery", "credits"),
-        array("url" => "http://gallery.menalto.com", "version" => gallery::VERSION)) .
+        array("url" => "http://gallery.menalto.com",
+              "gallery_version" => $version_string)) .
       "</li>";
   }
 
diff --git a/modules/gallery/module.info b/modules/gallery/module.info
index ae300399..39615e1c 100644
--- a/modules/gallery/module.info
+++ b/modules/gallery/module.info
@@ -1,3 +1,3 @@
 name = "Gallery 3"
 description = "Gallery core application"
-version = 28
+version = 29
-- 
cgit v1.2.3


From 409121942590e12692eaf4e6e9e8b71bfe5ed60c Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sun, 14 Feb 2010 19:26:34 -0800
Subject: Fix for ticket #491: Make user and group names translatable. Also
 fixed a UI bug: No longer showing the edit user buttons to admins in the
 profile view (to be consistent with the requirements in the controller).

---
 modules/gallery/controllers/user_profile.php    | 5 +++--
 modules/gallery/helpers/gallery_event.php       | 3 +++
 modules/gallery/views/permissions_form.html.php | 2 +-
 modules/user/helpers/user_installer.php         | 8 ++++----
 modules/user/models/user.php                    | 2 +-
 modules/user/views/admin_users.html.php         | 2 +-
 modules/user/views/admin_users_group.html.php   | 6 +++---
 7 files changed, 16 insertions(+), 12 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
index 327d2ff1..05373466 100644
--- a/modules/gallery/controllers/user_profile.php
+++ b/modules/gallery/controllers/user_profile.php
@@ -23,7 +23,8 @@ class User_Profile_Controller extends Controller {
     $user = identity::lookup_user($id);
     $active_user = identity::active_user();
     $is_current_active = $active_user->id == $id;
-    $display_all =  $active_user->admin || ($is_current_active && !$active_user->guest);
+    $can_edit = $is_current_active && !$active_user->guest;
+    $display_all = $active_user->admin || $can_edit;
 
     $v = new Theme_View("page.html", "other", "profile");
     $v->page_title = t("%name Profile", array("name" => $user->display_name()));
@@ -32,7 +33,7 @@ class User_Profile_Controller extends Controller {
     // @todo modify user_home to supply a link to their album,
     $v->content->user = $user;
     $v->content->not_current = !$is_current_active;
-    $v->content->editable = identity::is_writable() && $display_all;
+    $v->content->editable = identity::is_writable() && $can_edit;
 
     $event_data = (object)array("user" => $user, "display_all" => $display_all, "content" => array());
     module::event("show_user_profile", $event_data);
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index faf1c0c6..3f77bc42 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -423,6 +423,9 @@ class gallery_event_Core {
         if ($field == "locale") {
           $value = locales::display_name($value);
         }
+        if ($field == "full_name") {
+          $value = t($value);
+        }
         $v->user_profile_data[(string) $label] = $value;
       }
     }
diff --git a/modules/gallery/views/permissions_form.html.php b/modules/gallery/views/permissions_form.html.php
index f1714119..b486acb7 100644
--- a/modules/gallery/views/permissions_form.html.php
+++ b/modules/gallery/views/permissions_form.html.php
@@ -5,7 +5,7 @@
     <tr>
       <th> </th>
       <? foreach ($groups as $group): ?>
-      <th> <?= html::clean($group->name) ?> </th>
+      <th> <?= html::clean(t($group->name)) ?> </th>
       <? endforeach ?>
     </tr>
 
diff --git a/modules/user/helpers/user_installer.php b/modules/user/helpers/user_installer.php
index 729f087a..c57ad010 100644
--- a/modules/user/helpers/user_installer.php
+++ b/modules/user/helpers/user_installer.php
@@ -98,25 +98,25 @@ class user_installer {
                DEFAULT CHARSET=utf8;");
 
     $everybody = ORM::factory("group");
-    $everybody->name = "Everybody";
+    $everybody->name = t("Everybody", array("locale" => "root"));
     $everybody->special = true;
     $everybody->save();
 
     $registered = ORM::factory("group");
-    $registered->name = "Registered Users";
+    $registered->name = t("Registered Users", array("locale" => "root"));
     $registered->special = true;
     $registered->save();
 
     $guest = ORM::factory("user");
     $guest->name = "guest";
-    $guest->full_name = "Guest User";
+    $guest->full_name = t("Guest User", array("locale" => "root"));
     $guest->password = "";
     $guest->guest = true;
     $guest->save();
 
     $admin = ORM::factory("user");
     $admin->name = "admin";
-    $admin->full_name = "Gallery Administrator";
+    $admin->full_name = t("Gallery Administrator", array("locale" => "root"));
     $admin->password = "admin";
     $admin->email = "unknown@unknown.com";
     $admin->admin = true;
diff --git a/modules/user/models/user.php b/modules/user/models/user.php
index 4404ee63..aa752203 100644
--- a/modules/user/models/user.php
+++ b/modules/user/models/user.php
@@ -113,7 +113,7 @@ class User_Model extends ORM implements User_Definition {
    * @return string
    */
   public function display_name() {
-    return empty($this->full_name) ? $this->name : $this->full_name;
+    return empty($this->full_name) ? $this->name : t($this->full_name);
   }
 
   /**
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index 270a7207..69d97547 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -78,7 +78,7 @@
               <?= html::clean($user->name) ?>
             </td>
             <td>
-              <?= html::clean($user->full_name) ?>
+            <?= t(html::clean($user->full_name)) ?>
             </td>
             <td>
               <?= html::clean($user->email) ?>
diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php
index 6c6c341e..8317d393 100644
--- a/modules/user/views/admin_users_group.html.php
+++ b/modules/user/views/admin_users_group.html.php
@@ -1,9 +1,9 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <h4>
-  <?= html::clean($group->name) ?>
+  <?= t(html::clean($group->name)) ?>
   <? if (!$group->special): ?>
   <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
-    title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>"
+    title="<?= t("Delete the %name group", array("name" => t(html::clean($group->name))))->for_html_attr() ?>"
     class="g-dialog-link g-button g-right">
     <span class="ui-icon ui-icon-trash"><?= t("Delete") ?></span></a>
   <? else: ?>
@@ -22,7 +22,7 @@
     <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
        class="g-button g-right ui-state-default ui-corner-all ui-icon-left"
        title="<?= t("Remove %user from %group group",
-              array("user" => $user->name, "group" => $group->name))->for_html_attr() ?>">
+              array("user" => $user->name, "group" => t(html::clean($group->name))))->for_html_attr() ?>">
       <span class="ui-icon ui-icon-closethick"><?= t("Remove") ?></span>
     </a>
     <? endif ?>
-- 
cgit v1.2.3


From a597b57210b48241781f31d3f277e274d3ca6874 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Mon, 15 Feb 2010 12:29:49 -0800
Subject: return the absolute url not the relative for the full size, resize
 and thumb images.

---
 modules/gallery/models/item.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index 283654c7..a64bcb49 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -931,13 +931,13 @@ class Item_Model extends ORM_MPTT {
     unset($data["album_cover_item_id"]);
 
     if (access::can("view_fillsize", $this)  && $this->is_photo()) {
-      $data["fullsize_url"] = $this->abs_url();
+      $data["fullsize_url"] = $this->abs_url(true);
     }
 
-    if ($tmp = $this->resize_url()  && $this->is_photo()) {
+    if ($tmp = $this->resize_url(true)  && $this->is_photo()) {
       $data["resize_url"] = $tmp;
     }
-    $data["thumb_url"] = $this->thumb_url();
+    $data["thumb_url"] = $this->thumb_url(true);
 
     // Elide some internal-only data that is going to cause confusion in the client.
     foreach (array("relative_path_cache", "relative_url_cache", "left_ptr", "right_ptr",
-- 
cgit v1.2.3


From dcddc68f58dac2f0fe71f5a00ea4af32618efa13 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Mon, 15 Feb 2010 13:12:38 -0800
Subject: Never assign a SafeString instance to a Model member (or hell will
 break loose).

---
 modules/gallery/helpers/gallery_installer.php | 2 +-
 modules/user/helpers/user_installer.php       | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php
index 45d991af..b594ddcf 100644
--- a/modules/gallery/helpers/gallery_installer.php
+++ b/modules/gallery/helpers/gallery_installer.php
@@ -287,7 +287,7 @@ class gallery_installer {
     // Mark string for translation
     $powered_by_string = t("Powered by <a href=\"%url\">%gallery_version</a>",
                            array("locale" => "root"));
-    module::set_var("gallery", "credits", $powered_by_string);
+    module::set_var("gallery", "credits", (string) $powered_by_string);
     module::set_var("gallery", "simultaneous_upload_limit", 5);
     module::set_var("gallery", "admin_area_timeout", 90 * 60);
     module::set_version("gallery", 29);
diff --git a/modules/user/helpers/user_installer.php b/modules/user/helpers/user_installer.php
index c57ad010..9e757ecd 100644
--- a/modules/user/helpers/user_installer.php
+++ b/modules/user/helpers/user_installer.php
@@ -98,25 +98,25 @@ class user_installer {
                DEFAULT CHARSET=utf8;");
 
     $everybody = ORM::factory("group");
-    $everybody->name = t("Everybody", array("locale" => "root"));
+    $everybody->name = (string) t("Everybody", array("locale" => "root"));
     $everybody->special = true;
     $everybody->save();
 
     $registered = ORM::factory("group");
-    $registered->name = t("Registered Users", array("locale" => "root"));
+    $registered->name = (string) t("Registered Users", array("locale" => "root"));
     $registered->special = true;
     $registered->save();
 
     $guest = ORM::factory("user");
     $guest->name = "guest";
-    $guest->full_name = t("Guest User", array("locale" => "root"));
+    $guest->full_name = (string) t("Guest User", array("locale" => "root"));
     $guest->password = "";
     $guest->guest = true;
     $guest->save();
 
     $admin = ORM::factory("user");
     $admin->name = "admin";
-    $admin->full_name = t("Gallery Administrator", array("locale" => "root"));
+    $admin->full_name = (string) t("Gallery Administrator", array("locale" => "root"));
     $admin->password = "admin";
     $admin->email = "unknown@unknown.com";
     $admin->admin = true;
-- 
cgit v1.2.3


From 6c89bb88789257d1dfe4c2ce6eb14e64fe87507c Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Mon, 15 Feb 2010 13:51:32 -0800
Subject: Update of reviewed XSS audit data.

---
 modules/gallery/tests/xss_data.txt | 56 ++++++++++++++++++--------------------
 1 file changed, 27 insertions(+), 29 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index e53502ee..44233459 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -32,8 +32,8 @@ modules/comment/views/comment.mrss.php                       29  DIRTY    $child
 modules/comment/views/comment.mrss.php                       34  DIRTY_ATTR $child->thumb_url
 modules/comment/views/comment.mrss.php                       35  DIRTY_ATTR $child->thumb_height
 modules/comment/views/comment.mrss.php                       35  DIRTY_ATTR $child->thumb_width
-modules/comment/views/comments.html.php                      16  DIRTY_ATTR $comment->id
-modules/comment/views/comments.html.php                      19  DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true))
+modules/comment/views/comments.html.php                      18  DIRTY_ATTR $comment->id
+modules/comment/views/comments.html.php                      21  DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true))
 modules/comment/views/user_profile_comments.html.php         5   DIRTY_ATTR $comment->id
 modules/comment/views/user_profile_comments.html.php         10  DIRTY_JS $comment->item()->url()
 modules/comment/views/user_profile_comments.html.php         11  DIRTY    $comment->item()->thumb_img(array(),50)
@@ -81,19 +81,18 @@ modules/gallery/views/admin_maintenance.html.php             24  DIRTY_ATTR log:
 modules/gallery/views/admin_maintenance.html.php             25  DIRTY_ATTR log::severity_class($task->severity)
 modules/gallery/views/admin_maintenance.html.php             26  DIRTY    $task->name
 modules/gallery/views/admin_maintenance.html.php             29  DIRTY    $task->description
-modules/gallery/views/admin_maintenance.html.php             33  DIRTY_JS "{$button->url}/$task->callback?csrf=$csrf"
-modules/gallery/views/admin_maintenance.html.php             76  DIRTY_ATTR text::alternate("g-odd","g-even")
-modules/gallery/views/admin_maintenance.html.php             76  DIRTY_ATTR $task->state=="stalled"?"g-warning":""
-modules/gallery/views/admin_maintenance.html.php             77  DIRTY_ATTR $task->state=="stalled"?"g-warning":""
-modules/gallery/views/admin_maintenance.html.php             78  DIRTY    gallery::date_time($task->updated)
-modules/gallery/views/admin_maintenance.html.php             81  DIRTY    $task->name
-modules/gallery/views/admin_maintenance.html.php             96  DIRTY    $task->status
-modules/gallery/views/admin_maintenance.html.php             147 DIRTY_ATTR text::alternate("g-odd","g-even")
-modules/gallery/views/admin_maintenance.html.php             147 DIRTY_ATTR $task->state=="success"?"g-success":"g-error"
-modules/gallery/views/admin_maintenance.html.php             148 DIRTY_ATTR $task->state=="success"?"g-success":"g-error"
-modules/gallery/views/admin_maintenance.html.php             149 DIRTY    gallery::date_time($task->updated)
-modules/gallery/views/admin_maintenance.html.php             152 DIRTY    $task->name
-modules/gallery/views/admin_maintenance.html.php             164 DIRTY    $task->status
+modules/gallery/views/admin_maintenance.html.php             70  DIRTY_ATTR text::alternate("g-odd","g-even")
+modules/gallery/views/admin_maintenance.html.php             70  DIRTY_ATTR $task->state=="stalled"?"g-warning":""
+modules/gallery/views/admin_maintenance.html.php             71  DIRTY_ATTR $task->state=="stalled"?"g-warning":""
+modules/gallery/views/admin_maintenance.html.php             72  DIRTY    gallery::date_time($task->updated)
+modules/gallery/views/admin_maintenance.html.php             75  DIRTY    $task->name
+modules/gallery/views/admin_maintenance.html.php             90  DIRTY    $task->status
+modules/gallery/views/admin_maintenance.html.php             141 DIRTY_ATTR text::alternate("g-odd","g-even")
+modules/gallery/views/admin_maintenance.html.php             141 DIRTY_ATTR $task->state=="success"?"g-success":"g-error"
+modules/gallery/views/admin_maintenance.html.php             142 DIRTY_ATTR $task->state=="success"?"g-success":"g-error"
+modules/gallery/views/admin_maintenance.html.php             143 DIRTY    gallery::date_time($task->updated)
+modules/gallery/views/admin_maintenance.html.php             146 DIRTY    $task->name
+modules/gallery/views/admin_maintenance.html.php             158 DIRTY    $task->status
 modules/gallery/views/admin_maintenance_show_log.html.php    8   DIRTY_JS url::site("admin/maintenance/save_log/$task->id?csrf=$csrf")
 modules/gallery/views/admin_maintenance_show_log.html.php    13  DIRTY    $task->name
 modules/gallery/views/admin_maintenance_task.html.php        55  DIRTY    $task->name
@@ -121,6 +120,7 @@ modules/gallery/views/admin_themes.html.php                  62  DIRTY    $theme
 modules/gallery/views/admin_themes.html.php                  76  DIRTY    $info->name
 modules/gallery/views/admin_themes.html.php                  78  DIRTY    $info->description
 modules/gallery/views/admin_themes_preview.html.php          7   DIRTY_ATTR $url
+modules/gallery/views/error_404.html.php                     14  DIRTY    $login_form
 modules/gallery/views/form_uploadify.html.php                30  DIRTY_JS url::file("lib/uploadify/uploadify.swf")
 modules/gallery/views/form_uploadify.html.php                31  DIRTY_JS url::site("simple_uploader/add_photo/{$album->id}")
 modules/gallery/views/form_uploadify.html.php                35  DIRTY_JS url::file("lib/uploadify/cancel.png")
@@ -128,8 +128,7 @@ modules/gallery/views/form_uploadify.html.php                36  DIRTY_JS $simul
 modules/gallery/views/in_place_edit.html.php                 2   DIRTY    form::open($action,array("method"=>"post","id"=>"g-in-place-edit-form","class"=>"g-short-form"))
 modules/gallery/views/in_place_edit.html.php                 3   DIRTY    access::csrf_form_field()
 modules/gallery/views/in_place_edit.html.php                 6   DIRTY    form::input("input",$form["input"]," class=\"textbox\"")
-modules/gallery/views/kohana_error_page.php                  102 DIRTY    $message
-modules/gallery/views/kohana_error_page.php                  116 DIRTY    $trace
+modules/gallery/views/in_place_edit.html.php                 14  DIRTY    $errors["input"]
 modules/gallery/views/kohana_profiler.php                    32  DIRTY    $profile->render();
 modules/gallery/views/l10n_client.html.php                   21  DIRTY_ATTR $string["translation"]===""?"untranslated":"translated"
 modules/gallery/views/l10n_client.html.php                   23  DIRTY    $string["source"]["one"]
@@ -148,18 +147,18 @@ modules/gallery/views/l10n_client.html.php                   67  DIRTY    form::
 modules/gallery/views/login_ajax.html.php                    6   DIRTY_JS url::site("password/reset")
 modules/gallery/views/login_ajax.html.php                    37  DIRTY    $form
 modules/gallery/views/maintenance.html.php                   46  DIRTY    auth::get_login_form("login/auth_html")
-modules/gallery/views/menu.html.php                          4   DIRTY    isset($menu->css_id)?"id='$menu->css_id'":""
+modules/gallery/views/menu.html.php                          4   DIRTY    $menu->css_id?"id='$menu->css_id'":""
 modules/gallery/views/menu.html.php                          4   DIRTY_ATTR $menu->css_class
 modules/gallery/views/menu.html.php                          6   DIRTY    $element->render()
 modules/gallery/views/menu.html.php                          18  DIRTY    $element->render()
-modules/gallery/views/menu_ajax_link.html.php                3   DIRTY_ATTR $menu->css_id
+modules/gallery/views/menu_ajax_link.html.php                3   DIRTY    $menu->css_id?"id='{$menu->css_id}'":""
 modules/gallery/views/menu_ajax_link.html.php                4   DIRTY_ATTR $menu->css_class
 modules/gallery/views/menu_ajax_link.html.php                5   DIRTY_JS $menu->url
 modules/gallery/views/menu_ajax_link.html.php                7   DIRTY    $menu->ajax_handler
-modules/gallery/views/menu_dialog.html.php                   3   DIRTY_ATTR $menu->css_id
+modules/gallery/views/menu_dialog.html.php                   3   DIRTY    $menu->css_id?"id='{$menu->css_id}'":""
 modules/gallery/views/menu_dialog.html.php                   4   DIRTY_ATTR $menu->css_class
 modules/gallery/views/menu_dialog.html.php                   5   DIRTY_JS $menu->url
-modules/gallery/views/menu_link.html.php                     3   DIRTY_ATTR $menu->css_id
+modules/gallery/views/menu_link.html.php                     3   DIRTY    $menu->css_id?"id='{$menu->css_id}'":""
 modules/gallery/views/menu_link.html.php                     4   DIRTY_ATTR $menu->css_class
 modules/gallery/views/menu_link.html.php                     5   DIRTY_JS $menu->url
 modules/gallery/views/move_browse.html.php                   4   DIRTY_JS url::site("move/show_sub_tree/{$source->id}/__TARGETID__")
@@ -209,6 +208,7 @@ modules/gallery/views/permissions_form.html.php              75  DIRTY_JS $item-
 modules/gallery/views/permissions_form.html.php              80  DIRTY_JS $group->id
 modules/gallery/views/permissions_form.html.php              80  DIRTY_JS $permission->id
 modules/gallery/views/permissions_form.html.php              80  DIRTY_JS $item->id
+modules/gallery/views/reauthenticate.html.php                9   DIRTY    $form
 modules/gallery/views/upgrader.html.php                      57  DIRTY_ATTR $done?"muted":""
 modules/gallery/views/upgrader.html.php                      61  DIRTY_ATTR $done?"muted":""
 modules/gallery/views/upgrader.html.php                      69  DIRTY_ATTR $module->version==$module->code_version?"current":"upgradeable"
@@ -239,15 +239,13 @@ modules/organize/views/organize_dialog.html.php              4   DIRTY_JS url::s
 modules/organize/views/organize_dialog.html.php              5   DIRTY_JS url::site("organize/sort_order/__ALBUM_ID__/__COL__/__DIR__?csrf=$csrf")
 modules/organize/views/organize_dialog.html.php              6   DIRTY_JS url::site("organize/tree/__ALBUM_ID__")
 modules/organize/views/organize_dialog.html.php              14  DIRTY    $album_tree
-modules/organize/views/organize_dialog.html.php              24  DIRTY    $micro_thumb_grid
+modules/organize/views/organize_dialog.html.php              23  DIRTY    $micro_thumb_grid
 modules/organize/views/organize_dialog.html.php              32  DIRTY    form::dropdown(array("id"=>"g-organize-sort-column"),album::get_sort_order_options(),$album->sort_column)
-modules/organize/views/organize_dialog.html.php              33  DIRTY    form::dropdown(array("id"=>"g-organize-sort-order"),array("ASC"=>"Ascending","DESC"=>"Descending"),$album->sort_order)
-modules/organize/views/organize_thumb_grid.html.php          3   DIRTY_ATTR $child->id
+modules/organize/views/organize_thumb_grid.html.php          3   DIRTY_ATTR $child->is_album()?"g-album":"g-photo"
 modules/organize/views/organize_thumb_grid.html.php          4   DIRTY_ATTR $child->id
-modules/organize/views/organize_thumb_grid.html.php          5   DIRTY_ATTR $child->is_album()?"g-album":"g-photo"
-modules/organize/views/organize_thumb_grid.html.php          6   DIRTY    $child->thumb_img(array("class"=>"g-thumbnail","ref"=>$child->id),90,true)
-modules/organize/views/organize_thumb_grid.html.php          7   DIRTY    $child->is_album()?" class=\"ui-icon ui-icon-note\"":""
-modules/organize/views/organize_thumb_grid.html.php          15  DIRTY_JS url::site("organize/album/$album->id/".($offset+25))
+modules/organize/views/organize_thumb_grid.html.php          5   DIRTY    $child->thumb_img(array("class"=>"g-thumbnail","ref"=>$child->id),90,true)
+modules/organize/views/organize_thumb_grid.html.php          6   DIRTY    $child->is_album()?" class=\"ui-icon ui-icon-note\"":""
+modules/organize/views/organize_thumb_grid.html.php          13  DIRTY_JS url::site("organize/album/$album->id/".($offset+25))
 modules/organize/views/organize_tree.html.php                2   DIRTY_ATTR access::can("edit",$album)?"":"g-view-only"
 modules/organize/views/organize_tree.html.php                3   DIRTY_ATTR $album->id
 modules/organize/views/organize_tree.html.php                6   DIRTY_ATTR $selected&&$album->id==$selected->id?"ui-state-focus":""
@@ -255,6 +253,7 @@ modules/organize/views/organize_tree.html.php                7   DIRTY_ATTR $alb
 modules/organize/views/organize_tree.html.php                13  DIRTY    View::factory("organize_tree.html",array("selected"=>$selected,"album"=>$child));
 modules/organize/views/organize_tree.html.php                15  DIRTY_ATTR access::can("edit",$child)?"":"g-view-only"
 modules/organize/views/organize_tree.html.php                16  DIRTY_ATTR $child->id
+modules/organize/views/organize_tree.html.php                18  DIRTY_ATTR $selected&&$child->id==$selected->id?"ui-state-focus":""
 modules/organize/views/organize_tree.html.php                18  DIRTY_ATTR $child->id
 modules/recaptcha/views/admin_recaptcha.html.php             11  DIRTY    $form
 modules/recaptcha/views/admin_recaptcha.html.php             23  DIRTY_JS $public_key
@@ -323,7 +322,6 @@ modules/user/views/admin_users.html.php                      123 DIRTY_ATTR ($gr
 modules/user/views/admin_users.html.php                      125 DIRTY    $v
 modules/user/views/admin_users_group.html.php                22  DIRTY_JS $user->id
 modules/user/views/admin_users_group.html.php                22  DIRTY_JS $group->id
-modules/user/views/user_form.html.php                        7   DIRTY    $form
 modules/watermark/views/admin_watermarks.html.php            20  DIRTY_ATTR $width
 modules/watermark/views/admin_watermarks.html.php            20  DIRTY_ATTR $height
 modules/watermark/views/admin_watermarks.html.php            20  DIRTY_ATTR $url
-- 
cgit v1.2.3


From 5e25d2f7f11a75386e3c7f3d1d0c496eb3287cac Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Mon, 15 Feb 2010 14:27:48 -0800
Subject: Put focus on password field in reauthenticate dialog.

---
 modules/gallery/views/reauthenticate.html.php | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'modules/gallery')

diff --git a/modules/gallery/views/reauthenticate.html.php b/modules/gallery/views/reauthenticate.html.php
index 8611d0f7..9a6696fb 100644
--- a/modules/gallery/views/reauthenticate.html.php
+++ b/modules/gallery/views/reauthenticate.html.php
@@ -7,4 +7,9 @@
     <?= t("You are currently logged in as %user_name.", array("user_name" => $user_name)) ?>
   </p>
   <?= $form ?>
+  <script type="text/javascript">
+  $("#g-reauthenticate-form").ready(function() {
+    $("#g-password").focus();
+  });
+  </script>
 </div>
\ No newline at end of file
-- 
cgit v1.2.3


From 4ca55a90ee2f8e1d8595b0ec53a601d6c65475f6 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Tue, 16 Feb 2010 23:54:39 -0800
Subject: Fix for ticket #1017: Handle the common case of t(html::clean($var))
 by casting SafeString instances to string in translate().

---
 modules/gallery/libraries/Gallery_I18n.php | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'modules/gallery')

diff --git a/modules/gallery/libraries/Gallery_I18n.php b/modules/gallery/libraries/Gallery_I18n.php
index cfed046a..160543c9 100644
--- a/modules/gallery/libraries/Gallery_I18n.php
+++ b/modules/gallery/libraries/Gallery_I18n.php
@@ -117,6 +117,9 @@ class Gallery_I18n_Core {
     $count = isset($options['count']) ? $options['count'] : null;
     $values = $options;
     unset($values['locale']);
+    if ($message instanceof SafeString) {
+      $message = (string) $message;
+    }
     $this->log($message, $options);
 
     $entry = $this->lookup($locale, $message);
-- 
cgit v1.2.3


From 8f39e6844914f4c12c9f7309bd4d04584b02a611 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Thu, 18 Feb 2010 14:43:18 -0800
Subject: Improve setlocale() call, using some of G2's locale fallback code to
 match the platform's locale names.

---
 modules/gallery/libraries/Gallery_I18n.php | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/libraries/Gallery_I18n.php b/modules/gallery/libraries/Gallery_I18n.php
index 160543c9..26d1de2c 100644
--- a/modules/gallery/libraries/Gallery_I18n.php
+++ b/modules/gallery/libraries/Gallery_I18n.php
@@ -73,12 +73,26 @@ class Gallery_I18n_Core {
   public function locale($locale=null) {
     if ($locale) {
       $this->_config['default_locale'] = $locale;
-      // Attempt to set PHP's locale as well (for number formatting, collation, etc.)
-      // TODO: See G2 for better fallack code.
-      $locale_prefs = array($locale);
-      $locale_prefs[] = 'en_US';
-      $new_locale = setlocale(LC_ALL, $locale_prefs);
-      if (is_string($new_locale) && strpos($new_locale, 'tr') === 0) {
+      $php_locale = setlocale(LC_ALL, 0);
+      list ($php_locale, $unused) = explode('.', $php_locale . '.');
+      if ($php_locale != $locale) {
+        // Attempt to set PHP's locale as well (for number formatting, collation, etc.)
+        $locale_prefs = array($locale);
+        // Try appending some character set names; some systems (like FreeBSD) need this.
+        // Some systems require a format with hyphen (eg. Gentoo) and others without (eg. FreeBSD).
+        $charsets = array('utf8', 'UTF-8', 'UTF8', 'ISO8859-1', 'ISO-8859-1');
+        if (substr($locale, 0, 2) != 'en') {
+          $charsets = array_merge($charsets, array(
+              'EUC', 'Big5', 'euc', 'ISO8859-2', 'ISO8859-5', 'ISO8859-7',
+              'ISO8859-9', 'ISO-8859-2', 'ISO-8859-5', 'ISO-8859-7', 'ISO-8859-9'));
+        }
+        foreach ($charsets as $charset) {
+          $locale_prefs[] = $locale . '.' . $charset;
+        }
+        $locale_prefs[] = 'en_US';
+        $php_locale = setlocale(LC_ALL, $locale_prefs);
+      }
+      if (is_string($php_locale) && substr($php_locale, 0, 2) == 'tr') {
         // Make PHP 5 work with Turkish (the localization results are mixed though).
         // Hack for http://bugs.php.net/18556
         setlocale(LC_CTYPE, 'C');
-- 
cgit v1.2.3


From 45910ffdc051ab4298269f1398f43d00517d4884 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Thu, 18 Feb 2010 14:43:18 -0800
Subject: Improve setlocale() call, using some of G2's locale fallback code to
 match the platform's locale names.

---
 modules/gallery/libraries/Gallery_I18n.php | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/libraries/Gallery_I18n.php b/modules/gallery/libraries/Gallery_I18n.php
index 160543c9..26d1de2c 100644
--- a/modules/gallery/libraries/Gallery_I18n.php
+++ b/modules/gallery/libraries/Gallery_I18n.php
@@ -73,12 +73,26 @@ class Gallery_I18n_Core {
   public function locale($locale=null) {
     if ($locale) {
       $this->_config['default_locale'] = $locale;
-      // Attempt to set PHP's locale as well (for number formatting, collation, etc.)
-      // TODO: See G2 for better fallack code.
-      $locale_prefs = array($locale);
-      $locale_prefs[] = 'en_US';
-      $new_locale = setlocale(LC_ALL, $locale_prefs);
-      if (is_string($new_locale) && strpos($new_locale, 'tr') === 0) {
+      $php_locale = setlocale(LC_ALL, 0);
+      list ($php_locale, $unused) = explode('.', $php_locale . '.');
+      if ($php_locale != $locale) {
+        // Attempt to set PHP's locale as well (for number formatting, collation, etc.)
+        $locale_prefs = array($locale);
+        // Try appending some character set names; some systems (like FreeBSD) need this.
+        // Some systems require a format with hyphen (eg. Gentoo) and others without (eg. FreeBSD).
+        $charsets = array('utf8', 'UTF-8', 'UTF8', 'ISO8859-1', 'ISO-8859-1');
+        if (substr($locale, 0, 2) != 'en') {
+          $charsets = array_merge($charsets, array(
+              'EUC', 'Big5', 'euc', 'ISO8859-2', 'ISO8859-5', 'ISO8859-7',
+              'ISO8859-9', 'ISO-8859-2', 'ISO-8859-5', 'ISO-8859-7', 'ISO-8859-9'));
+        }
+        foreach ($charsets as $charset) {
+          $locale_prefs[] = $locale . '.' . $charset;
+        }
+        $locale_prefs[] = 'en_US';
+        $php_locale = setlocale(LC_ALL, $locale_prefs);
+      }
+      if (is_string($php_locale) && substr($php_locale, 0, 2) == 'tr') {
         // Make PHP 5 work with Turkish (the localization results are mixed though).
         // Hack for http://bugs.php.net/18556
         setlocale(LC_CTYPE, 'C');
-- 
cgit v1.2.3


From d3e07f8a97627a500bad07ce0a68ac91a766ccd4 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Thu, 18 Feb 2010 16:19:41 -0800
Subject: Revert "Fix for ticket #1017: Handle the common case of
 t(html::clean($var)) by casting SafeString instances to string in
 translate()."

This reverts commit 4ca55a90ee2f8e1d8595b0ec53a601d6c65475f6.
---
 modules/gallery/libraries/Gallery_I18n.php | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/libraries/Gallery_I18n.php b/modules/gallery/libraries/Gallery_I18n.php
index 26d1de2c..ac0588e3 100644
--- a/modules/gallery/libraries/Gallery_I18n.php
+++ b/modules/gallery/libraries/Gallery_I18n.php
@@ -131,9 +131,6 @@ class Gallery_I18n_Core {
     $count = isset($options['count']) ? $options['count'] : null;
     $values = $options;
     unset($values['locale']);
-    if ($message instanceof SafeString) {
-      $message = (string) $message;
-    }
     $this->log($message, $options);
 
     $entry = $this->lookup($locale, $message);
-- 
cgit v1.2.3


From 99c131e845b5bbfa22b93fa783b5ce671bc27e40 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Thu, 18 Feb 2010 16:20:23 -0800
Subject: Revert "Never assign a SafeString instance to a Model member (or hell
 will break loose)."

This reverts commit dcddc68f58dac2f0fe71f5a00ea4af32618efa13.
---
 modules/gallery/helpers/gallery_installer.php | 2 +-
 modules/user/helpers/user_installer.php       | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php
index b594ddcf..45d991af 100644
--- a/modules/gallery/helpers/gallery_installer.php
+++ b/modules/gallery/helpers/gallery_installer.php
@@ -287,7 +287,7 @@ class gallery_installer {
     // Mark string for translation
     $powered_by_string = t("Powered by <a href=\"%url\">%gallery_version</a>",
                            array("locale" => "root"));
-    module::set_var("gallery", "credits", (string) $powered_by_string);
+    module::set_var("gallery", "credits", $powered_by_string);
     module::set_var("gallery", "simultaneous_upload_limit", 5);
     module::set_var("gallery", "admin_area_timeout", 90 * 60);
     module::set_version("gallery", 29);
diff --git a/modules/user/helpers/user_installer.php b/modules/user/helpers/user_installer.php
index 9e757ecd..c57ad010 100644
--- a/modules/user/helpers/user_installer.php
+++ b/modules/user/helpers/user_installer.php
@@ -98,25 +98,25 @@ class user_installer {
                DEFAULT CHARSET=utf8;");
 
     $everybody = ORM::factory("group");
-    $everybody->name = (string) t("Everybody", array("locale" => "root"));
+    $everybody->name = t("Everybody", array("locale" => "root"));
     $everybody->special = true;
     $everybody->save();
 
     $registered = ORM::factory("group");
-    $registered->name = (string) t("Registered Users", array("locale" => "root"));
+    $registered->name = t("Registered Users", array("locale" => "root"));
     $registered->special = true;
     $registered->save();
 
     $guest = ORM::factory("user");
     $guest->name = "guest";
-    $guest->full_name = (string) t("Guest User", array("locale" => "root"));
+    $guest->full_name = t("Guest User", array("locale" => "root"));
     $guest->password = "";
     $guest->guest = true;
     $guest->save();
 
     $admin = ORM::factory("user");
     $admin->name = "admin";
-    $admin->full_name = (string) t("Gallery Administrator", array("locale" => "root"));
+    $admin->full_name = t("Gallery Administrator", array("locale" => "root"));
     $admin->password = "admin";
     $admin->email = "unknown@unknown.com";
     $admin->admin = true;
-- 
cgit v1.2.3


From 7d98d4b7b9d16f32ed98c8eeb051be4149468dc6 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Thu, 18 Feb 2010 16:20:59 -0800
Subject: Revert "Fix for ticket #491: Make user and group names translatable."

This reverts commit 409121942590e12692eaf4e6e9e8b71bfe5ed60c.
---
 modules/gallery/controllers/user_profile.php    | 5 ++---
 modules/gallery/helpers/gallery_event.php       | 3 ---
 modules/gallery/views/permissions_form.html.php | 2 +-
 modules/user/helpers/user_installer.php         | 8 ++++----
 modules/user/models/user.php                    | 2 +-
 modules/user/views/admin_users.html.php         | 2 +-
 modules/user/views/admin_users_group.html.php   | 6 +++---
 7 files changed, 12 insertions(+), 16 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
index 05373466..327d2ff1 100644
--- a/modules/gallery/controllers/user_profile.php
+++ b/modules/gallery/controllers/user_profile.php
@@ -23,8 +23,7 @@ class User_Profile_Controller extends Controller {
     $user = identity::lookup_user($id);
     $active_user = identity::active_user();
     $is_current_active = $active_user->id == $id;
-    $can_edit = $is_current_active && !$active_user->guest;
-    $display_all = $active_user->admin || $can_edit;
+    $display_all =  $active_user->admin || ($is_current_active && !$active_user->guest);
 
     $v = new Theme_View("page.html", "other", "profile");
     $v->page_title = t("%name Profile", array("name" => $user->display_name()));
@@ -33,7 +32,7 @@ class User_Profile_Controller extends Controller {
     // @todo modify user_home to supply a link to their album,
     $v->content->user = $user;
     $v->content->not_current = !$is_current_active;
-    $v->content->editable = identity::is_writable() && $can_edit;
+    $v->content->editable = identity::is_writable() && $display_all;
 
     $event_data = (object)array("user" => $user, "display_all" => $display_all, "content" => array());
     module::event("show_user_profile", $event_data);
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 3f77bc42..faf1c0c6 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -423,9 +423,6 @@ class gallery_event_Core {
         if ($field == "locale") {
           $value = locales::display_name($value);
         }
-        if ($field == "full_name") {
-          $value = t($value);
-        }
         $v->user_profile_data[(string) $label] = $value;
       }
     }
diff --git a/modules/gallery/views/permissions_form.html.php b/modules/gallery/views/permissions_form.html.php
index b486acb7..f1714119 100644
--- a/modules/gallery/views/permissions_form.html.php
+++ b/modules/gallery/views/permissions_form.html.php
@@ -5,7 +5,7 @@
     <tr>
       <th> </th>
       <? foreach ($groups as $group): ?>
-      <th> <?= html::clean(t($group->name)) ?> </th>
+      <th> <?= html::clean($group->name) ?> </th>
       <? endforeach ?>
     </tr>
 
diff --git a/modules/user/helpers/user_installer.php b/modules/user/helpers/user_installer.php
index c57ad010..729f087a 100644
--- a/modules/user/helpers/user_installer.php
+++ b/modules/user/helpers/user_installer.php
@@ -98,25 +98,25 @@ class user_installer {
                DEFAULT CHARSET=utf8;");
 
     $everybody = ORM::factory("group");
-    $everybody->name = t("Everybody", array("locale" => "root"));
+    $everybody->name = "Everybody";
     $everybody->special = true;
     $everybody->save();
 
     $registered = ORM::factory("group");
-    $registered->name = t("Registered Users", array("locale" => "root"));
+    $registered->name = "Registered Users";
     $registered->special = true;
     $registered->save();
 
     $guest = ORM::factory("user");
     $guest->name = "guest";
-    $guest->full_name = t("Guest User", array("locale" => "root"));
+    $guest->full_name = "Guest User";
     $guest->password = "";
     $guest->guest = true;
     $guest->save();
 
     $admin = ORM::factory("user");
     $admin->name = "admin";
-    $admin->full_name = t("Gallery Administrator", array("locale" => "root"));
+    $admin->full_name = "Gallery Administrator";
     $admin->password = "admin";
     $admin->email = "unknown@unknown.com";
     $admin->admin = true;
diff --git a/modules/user/models/user.php b/modules/user/models/user.php
index aa752203..4404ee63 100644
--- a/modules/user/models/user.php
+++ b/modules/user/models/user.php
@@ -113,7 +113,7 @@ class User_Model extends ORM implements User_Definition {
    * @return string
    */
   public function display_name() {
-    return empty($this->full_name) ? $this->name : t($this->full_name);
+    return empty($this->full_name) ? $this->name : $this->full_name;
   }
 
   /**
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index 69d97547..270a7207 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -78,7 +78,7 @@
               <?= html::clean($user->name) ?>
             </td>
             <td>
-            <?= t(html::clean($user->full_name)) ?>
+              <?= html::clean($user->full_name) ?>
             </td>
             <td>
               <?= html::clean($user->email) ?>
diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php
index 8317d393..6c6c341e 100644
--- a/modules/user/views/admin_users_group.html.php
+++ b/modules/user/views/admin_users_group.html.php
@@ -1,9 +1,9 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <h4>
-  <?= t(html::clean($group->name)) ?>
+  <?= html::clean($group->name) ?>
   <? if (!$group->special): ?>
   <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
-    title="<?= t("Delete the %name group", array("name" => t(html::clean($group->name))))->for_html_attr() ?>"
+    title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>"
     class="g-dialog-link g-button g-right">
     <span class="ui-icon ui-icon-trash"><?= t("Delete") ?></span></a>
   <? else: ?>
@@ -22,7 +22,7 @@
     <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
        class="g-button g-right ui-state-default ui-corner-all ui-icon-left"
        title="<?= t("Remove %user from %group group",
-              array("user" => $user->name, "group" => t(html::clean($group->name))))->for_html_attr() ?>">
+              array("user" => $user->name, "group" => $group->name))->for_html_attr() ?>">
       <span class="ui-icon ui-icon-closethick"><?= t("Remove") ?></span>
     </a>
     <? endif ?>
-- 
cgit v1.2.3


From 0d72daf3d2d831ca3588ebabe720029bab3ccb8f Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Thu, 18 Feb 2010 16:32:25 -0800
Subject: Restore the gallery_installer change from reverted
 dcddc68f58dac2f0fe71f5a00ea4af32618efa13 that casts $powered_by_string from
 SafeString to string.

---
 modules/gallery/helpers/gallery_installer.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php
index 45d991af..b594ddcf 100644
--- a/modules/gallery/helpers/gallery_installer.php
+++ b/modules/gallery/helpers/gallery_installer.php
@@ -287,7 +287,7 @@ class gallery_installer {
     // Mark string for translation
     $powered_by_string = t("Powered by <a href=\"%url\">%gallery_version</a>",
                            array("locale" => "root"));
-    module::set_var("gallery", "credits", $powered_by_string);
+    module::set_var("gallery", "credits", (string) $powered_by_string);
     module::set_var("gallery", "simultaneous_upload_limit", 5);
     module::set_var("gallery", "admin_area_timeout", 90 * 60);
     module::set_version("gallery", 29);
-- 
cgit v1.2.3


From 4c637530440860a90ac39fe04037ed8adfcbe17a Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Thu, 18 Feb 2010 16:33:57 -0800
Subject: Restore the user_profile.php change from reverted
 409121942590e12692eaf4e6e9e8b71bfe5ed60c that had this comment in the change:
 "Also fixed a UI bug: No longer showing the edit user buttons to admins in
 the profile view (to be consistent with the requirements in the controller)."

---
 modules/gallery/controllers/user_profile.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
index 327d2ff1..05373466 100644
--- a/modules/gallery/controllers/user_profile.php
+++ b/modules/gallery/controllers/user_profile.php
@@ -23,7 +23,8 @@ class User_Profile_Controller extends Controller {
     $user = identity::lookup_user($id);
     $active_user = identity::active_user();
     $is_current_active = $active_user->id == $id;
-    $display_all =  $active_user->admin || ($is_current_active && !$active_user->guest);
+    $can_edit = $is_current_active && !$active_user->guest;
+    $display_all = $active_user->admin || $can_edit;
 
     $v = new Theme_View("page.html", "other", "profile");
     $v->page_title = t("%name Profile", array("name" => $user->display_name()));
@@ -32,7 +33,7 @@ class User_Profile_Controller extends Controller {
     // @todo modify user_home to supply a link to their album,
     $v->content->user = $user;
     $v->content->not_current = !$is_current_active;
-    $v->content->editable = identity::is_writable() && $display_all;
+    $v->content->editable = identity::is_writable() && $can_edit;
 
     $event_data = (object)array("user" => $user, "display_all" => $display_all, "content" => array());
     module::event("show_user_profile", $event_data);
-- 
cgit v1.2.3


From 2846d81171c7101e5015995f848d4cc3a9ddebf6 Mon Sep 17 00:00:00 2001
From: Chad Kieffer <ckieffer@gmail.com>
Date: Thu, 18 Feb 2010 23:00:58 -0700
Subject: First pass at user profile formatting updates. Moved buttons to the
 top, simplified HTML and CSS.

---
 modules/gallery/css/gallery.css                  | 34 +++++++++-
 modules/gallery/views/user_profile.html.php      | 84 ++++++++----------------
 modules/gallery/views/user_profile_info.html.php |  2 +-
 3 files changed, 62 insertions(+), 58 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/css/gallery.css b/modules/gallery/css/gallery.css
index e06c4dd9..f3e5ec6d 100644
--- a/modules/gallery/css/gallery.css
+++ b/modules/gallery/css/gallery.css
@@ -55,6 +55,34 @@
   margin: 0;
 }
 
+/* User profile ~~~~~~~~~~~~~~~~~~~~~~~~~ */
+
+#g-user-profile h1 {
+  margin: 1em 0;
+}
+
+#g-user-profile .g-avatar {
+  margin-right: .6em;
+}
+
+#g-user-profile .g-block {
+  margin-top: 0;
+}
+
+#g-user-profile .g-block-content {
+  margin-top: 0;
+}
+
+#g-user-profile th,
+#g-user-profile td {
+  border: none;
+}
+
+#g-user-profile th {
+  white-space: nowrap;
+  width: 1%;
+}
+
 /** *******************************************************************
  * 2) Admin
  **********************************************************************/
@@ -96,4 +124,8 @@
 .rtl #g-block-admin .g-left {
   margin-left: 1em;
   margin-right: 0;
-}
\ No newline at end of file
+}
+
+.rtl #g-user-profile .g-avatar {
+  margin-left: .6em;
+}
diff --git a/modules/gallery/views/user_profile.html.php b/modules/gallery/views/user_profile.html.php
index 1c346c26..53e8dc1e 100644
--- a/modules/gallery/views/user_profile.html.php
+++ b/modules/gallery/views/user_profile.html.php
@@ -1,27 +1,4 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
-<style>
-  #g-user-profile div {
-    margin-top: 1em;
-  }
-
-  #g-user-profile fieldset {
-    border: 1px solid #CCCCCC;
-    padding: 0 1em 0.8em;
-  }
-
-  #g-user-profile fieldset label {
-    font-weight: bold;
-  }
-
-  #g-user-profile fieldset div {
-    padding-left: 1em;
-  }
-
-  #g-user-profile td {
-    border: none;
-    padding: 0;
-  }
-</style>
 <script type="text/javascript">
   $(document).ready(function() {
     $("#g-profile-return").click(function(event) {
@@ -31,45 +8,40 @@
   });
 </script>
 <div id="g-user-profile">
-  <h1>
-    <a href="#">
-      <img src="<?= $user->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>"
-           alt="<?= html::clean_attribute($user->display_name()) ?>"
-           class="g-avatar" width="40" height="40" />
-    </a>
-    <?= t("%name Profile", array("name" => $user->display_name())) ?>
-  </h1>
-  <? foreach ($info_parts as $info): ?>
-  <div>
-    <fieldset>
-    <label><?= html::purify($info->title) ?></label>
-    <div>
-    <?= $info->view ?>
-    </div>
-    </fieldset>
-  </div>
-  <? endforeach ?>
-  <div id="g-profile-buttons" class="ui-helper-clearfix g-right">
-    <? if (!$user->guest && $not_current && !empty($user->email)): ?>
-    <a class="g-button ui-icon-right ui-state-default ui-corner-all g-dialog-link"
-       href="<?= url::site("user_profile/contact/{$user->id}") ?>">
-      <?= t("Contact") ?>
+  <div class="ui-helper-clearfix">
+    <a id="g-profile-return" class="g-button g-right ui-state-default ui-corner-all" href="#">
+      <?= t("Return") ?>
     </a>
-    <? endif ?>
-    <? if ($editable): ?>
-    <a class="g-button ui-icon-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("form/edit/users/{$user->id}") ?>">
-      <?= t("Edit") ?>
+    <a class="g-button g-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("users/form_change_email/{$user->id}") ?>">
+      <?= t("Change email") ?>
     </a>
-    <a class="g-button ui-icon-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("users/form_change_password/{$user->id}") ?>">
+    <a class="g-button g-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("users/form_change_password/{$user->id}") ?>">
       <?= t("Change password") ?>
     </a>
-    <a class="g-button ui-icon-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("users/form_change_email/{$user->id}") ?>">
-      <?= t("Change email") ?>
+    <? if ($editable): ?>
+    <a class="g-button g-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("form/edit/users/{$user->id}") ?>">
+      <?= t("Edit") ?>
     </a>
     <? endif ?>
-
-    <a id="g-profile-return" class="g-button ui-icon-right ui-state-default ui-corner-all" href="#">
-      <?= t("Return") ?>
+    <? if (!$user->guest && $not_current && !empty($user->email)): ?>
+    <a class="g-button g-right ui-state-default ui-corner-all g-dialog-link"
+       href="<?= url::site("user_profile/contact/{$user->id}") ?>">
+      <?= t("Contact") ?>
     </a>
+    <? endif ?>
   </div>
+  <h1>
+    <img src="<?= $user->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>"
+       alt="<?= html::clean_attribute($user->display_name()) ?>"
+       class="g-avatar g-left" width="40" height="40" />
+    <?= t("User profile: %name", array("name" => $user->display_name())) ?>
+  </h1>
+  <? foreach ($info_parts as $info): ?>
+  <div class="g-block">
+    <h2><?= html::purify($info->title) ?></h2>
+    <div class="g-block-content">
+    <?= $info->view ?>
+    </div>
+  </div>
+  <? endforeach ?>
 </div>
diff --git a/modules/gallery/views/user_profile_info.html.php b/modules/gallery/views/user_profile_info.html.php
index 58e134bb..e559abda 100644
--- a/modules/gallery/views/user_profile_info.html.php
+++ b/modules/gallery/views/user_profile_info.html.php
@@ -2,7 +2,7 @@
 <table>
   <? foreach ($user_profile_data as $label => $value): ?>
   <tr>
-    <td><?= html::clean($label) ?></td>
+    <th><?= html::clean($label) ?></th>
     <td><?= html::purify($value) ?></td>
   </tr>
   <? endforeach ?>
-- 
cgit v1.2.3


From 643fffdba0e595e4e3c4777a52088f81bafded40 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Fri, 19 Feb 2010 09:49:05 -0800
Subject: Add spaces around %name in the "create a file" text so that
 double-clicking the token only selects that one word, not the word on the
 line before (which happens on Chrome/Linux)

---
 modules/gallery/views/upgrader.html.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/views/upgrader.html.php b/modules/gallery/views/upgrader.html.php
index 55731440..c7a96cb5 100644
--- a/modules/gallery/views/upgrader.html.php
+++ b/modules/gallery/views/upgrader.html.php
@@ -112,7 +112,7 @@
         <? else: // can_upgrade ?>
         <h1> <?= t("Who are you?") ?> </h1>
         <p>
-          <?= t("You're not logged in as an administrator, so we have to verify you to make sure it's ok for you to do an upgrade.  To prove you can run an upgrade, create a file called <b>%name</b> in your <b>%tmp_dir_path</b> directory.",
+          <?= t("You're not logged in as an administrator, so we have to verify you to make sure it's ok for you to do an upgrade.  To prove you can run an upgrade, create a file called <b> %name </b> in your <b>%tmp_dir_path</b> directory.",
                 array("name" => "$upgrade_token",
                       "tmp_dir_path" => "gallery3/var/tmp")) ?>
         </p>
-- 
cgit v1.2.3


From d388e4bb868602f293b73918981bee1de6176a24 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Fri, 19 Feb 2010 11:40:49 -0800
Subject: Refactor away the "display_all" construct in User_Profile_Controller.
 "display_all" is too coarse, and we should be letting event handlers make the
 appropriate decision on what to display and when.  This duplicates some code,
 but it's now very clear in the event handlers what's getting shown.

Throw a 404 if we try to view the user profile for a missing user.

The only feature change in this should be that we now display the
name, full name and website for a user to any other registered user,
which makes sense since these are typically public fields.

Don't show any of the edit buttons unless identity::is_writable()
---
 modules/gallery/controllers/user_profile.php       | 16 +++++-----
 modules/gallery/helpers/gallery_event.php          |  2 +-
 modules/gallery/views/user_profile.html.php        |  4 +--
 .../notification/helpers/notification_event.php    | 36 +++++++++++++---------
 modules/rest/helpers/rest_event.php                | 28 +++++++++++------
 5 files changed, 51 insertions(+), 35 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
index 05373466..b89bc358 100644
--- a/modules/gallery/controllers/user_profile.php
+++ b/modules/gallery/controllers/user_profile.php
@@ -21,21 +21,21 @@ class User_Profile_Controller extends Controller {
   public function show($id) {
     // If we get here, then we should have a user id other than guest.
     $user = identity::lookup_user($id);
-    $active_user = identity::active_user();
-    $is_current_active = $active_user->id == $id;
-    $can_edit = $is_current_active && !$active_user->guest;
-    $display_all = $active_user->admin || $can_edit;
+    if (!$user) {
+      throw new Kohana_404_Exception();
+    }
 
     $v = new Theme_View("page.html", "other", "profile");
     $v->page_title = t("%name Profile", array("name" => $user->display_name()));
     $v->content = new View("user_profile.html");
 
-    // @todo modify user_home to supply a link to their album,
     $v->content->user = $user;
-    $v->content->not_current = !$is_current_active;
-    $v->content->editable = identity::is_writable() && $can_edit;
+    $v->content->contactable =
+      !$user->guest && $user->id != identity::active_user()->id && $user->email;
+    $v->content->editable =
+      identity::is_writable() && !$user->guest && $user->id == identity::active_user()->id;
 
-    $event_data = (object)array("user" => $user, "display_all" => $display_all, "content" => array());
+    $event_data = (object)array("user" => $user, "content" => array());
     module::event("show_user_profile", $event_data);
     $v->content->info_parts = $event_data->content;
 
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index faf1c0c6..36f91142 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -413,7 +413,7 @@ class gallery_event_Core {
 
     $fields = array("name" => t("Name"), "locale" => t("Language Preference"),
                     "email" => t("Email"), "full_name" => t("Full name"), "url" => "Web site");
-    if (!$data->display_all) {
+    if (!$data->user->guest) {
       $fields = array("name" => t("Name"), "full_name" => t("Full name"), "url" => "Web site");
     }
     $v->user_profile_data = array();
diff --git a/modules/gallery/views/user_profile.html.php b/modules/gallery/views/user_profile.html.php
index 53e8dc1e..257bd7ca 100644
--- a/modules/gallery/views/user_profile.html.php
+++ b/modules/gallery/views/user_profile.html.php
@@ -12,18 +12,18 @@
     <a id="g-profile-return" class="g-button g-right ui-state-default ui-corner-all" href="#">
       <?= t("Return") ?>
     </a>
+    <? if ($editable): ?>
     <a class="g-button g-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("users/form_change_email/{$user->id}") ?>">
       <?= t("Change email") ?>
     </a>
     <a class="g-button g-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("users/form_change_password/{$user->id}") ?>">
       <?= t("Change password") ?>
     </a>
-    <? if ($editable): ?>
     <a class="g-button g-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("form/edit/users/{$user->id}") ?>">
       <?= t("Edit") ?>
     </a>
     <? endif ?>
-    <? if (!$user->guest && $not_current && !empty($user->email)): ?>
+    <? if ($contactable): ?>
     <a class="g-button g-right ui-state-default ui-corner-all g-dialog-link"
        href="<?= url::site("user_profile/contact/{$user->id}") ?>">
       <?= t("Contact") ?>
diff --git a/modules/notification/helpers/notification_event.php b/modules/notification/helpers/notification_event.php
index c8628ae4..19e8dedb 100644
--- a/modules/notification/helpers/notification_event.php
+++ b/modules/notification/helpers/notification_event.php
@@ -128,23 +128,31 @@ class notification_event_Core {
   }
 
   static function show_user_profile($data) {
-    if ($data->display_all) {
-      $view = new View("user_profile_notification.html");
-      $view->subscriptions = array();
-      foreach(ORM::factory("subscription")
-              ->where("user_id", "=", $data->user->id)
-              ->find_all() as $subscription) {
-        $item = ORM::factory("item")
+    // Guests don't see comment listings
+    if (identity::active_user()->guest) {
+      return;
+    }
+
+    // Only logged in users can see their comment listings
+    if (identity::active_user()->id != $data->user->id) {
+      return;
+    }
+
+    $view = new View("user_profile_notification.html");
+    $view->subscriptions = array();
+    foreach(ORM::factory("subscription")
+            ->where("user_id", "=", $data->user->id)
+            ->find_all() as $subscription) {
+      $item = ORM::factory("item")
           ->where("id", "=", $subscription->item_id)
           ->find();
-        if ($item->loaded()) {
-          $view->subscriptions[] = (object)array("id" => $subscription->id, "title" => $item->title,
-                                                 "url" => $item->url());
-        }
-      }
-      if (count($view->subscriptions) > 0) {
-        $data->content[] = (object)array("title" => t("Watching"), "view" => $view);
+      if ($item->loaded()) {
+        $view->subscriptions[] = (object)array("id" => $subscription->id, "title" => $item->title,
+                                               "url" => $item->url());
       }
     }
+    if (count($view->subscriptions) > 0) {
+      $data->content[] = (object)array("title" => t("Watching"), "view" => $view);
+    }
   }
 }
\ No newline at end of file
diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php
index f9aa34e3..c46e65c4 100644
--- a/modules/rest/helpers/rest_event.php
+++ b/modules/rest/helpers/rest_event.php
@@ -76,19 +76,27 @@ class rest_event {
   }
 
   static function show_user_profile($data) {
-    if ($data->display_all) {
-      $view = new View("user_profile_rest.html");
-      $key = ORM::factory("user_access_token")
+    // Guests can't see a REST key
+    if (identity::active_user()->guest) {
+      return;
+    }
+
+    // Only logged in users can see their own REST key
+    if (identity::active_user()->id != $data->user->id) {
+      return;
+    }
+
+    $view = new View("user_profile_rest.html");
+    $key = ORM::factory("user_access_token")
         ->where("user_id", "=", $data->user->id)
         ->find();
 
-      if (!$key->loaded()) {
-        $key->user_id = $data->user->id;
-        $key->access_key = md5($data->user->name . rand());
-        $key->save();
-      }
-      $view->rest_key = $key->access_key;
-      $data->content[] = (object)array("title" => t("Rest api"), "view" => $view);
+    if (!$key->loaded()) {
+      $key->user_id = $data->user->id;
+      $key->access_key = md5($data->user->name . rand());
+      $key->save();
     }
+    $view->rest_key = $key->access_key;
+    $data->content[] = (object)array("title" => t("Rest api"), "view" => $view);
   }
 }
-- 
cgit v1.2.3


From 10c06989493bdded5f15880baadbc93c5d8ee296 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Fri, 19 Feb 2010 11:48:54 -0800
Subject: Correct the view_fillsize permission to view_full. In addition,
 change the name of the field containing the url to the fullsize image to
 file_url instead of fullzie_url

---
 modules/gallery/models/item.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index a64bcb49..d80e2bc4 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -930,11 +930,11 @@ class Item_Model extends ORM_MPTT {
     }
     unset($data["album_cover_item_id"]);
 
-    if (access::can("view_fillsize", $this)  && $this->is_photo()) {
-      $data["fullsize_url"] = $this->abs_url(true);
+    if (access::can("view_full", $this) && $this->is_photo()) {
+      $data["file_url"] = $this->abs_url(true);
     }
 
-    if ($tmp = $this->resize_url(true)  && $this->is_photo()) {
+    if ($tmp = $this->resize_url(true) && $this->is_photo()) {
       $data["resize_url"] = $tmp;
     }
     $data["thumb_url"] = $this->thumb_url(true);
-- 
cgit v1.2.3


From 5fbc472300ce6b19a2694a5f91b1fe0b2cc470f3 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Fri, 19 Feb 2010 11:54:03 -0800
Subject: Fix the resize_url and file_url in as_restful_array()

---
 modules/gallery/models/item.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index d80e2bc4..d747b84d 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -931,10 +931,10 @@ class Item_Model extends ORM_MPTT {
     unset($data["album_cover_item_id"]);
 
     if (access::can("view_full", $this) && $this->is_photo()) {
-      $data["file_url"] = $this->abs_url(true);
+      $data["file_url"] = $this->file_url(true);
     }
 
-    if ($tmp = $this->resize_url(true) && $this->is_photo()) {
+    if (($tmp = $this->resize_url(true)) && $this->is_photo()) {
       $data["resize_url"] = $tmp;
     }
     $data["thumb_url"] = $this->thumb_url(true);
-- 
cgit v1.2.3


From 9b7542b9f1beb96f16123beebdd13728783f6dcd Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Sun, 21 Feb 2010 17:14:19 -0800
Subject: Add Menu::add_before()

---
 modules/gallery/libraries/Menu.php | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/libraries/Menu.php b/modules/gallery/libraries/Menu.php
index 7c76ab04..fef07916 100644
--- a/modules/gallery/libraries/Menu.php
+++ b/modules/gallery/libraries/Menu.php
@@ -184,7 +184,7 @@ class Menu_Core extends Menu_Element {
   }
 
   /**
-   * Add a new element to this menu
+   * Add a new element to this menu, after the specific element
    */
   public function add_after($target_id, $new_menu_element) {
     $copy = array();
@@ -198,6 +198,21 @@ class Menu_Core extends Menu_Element {
     return $this;
   }
 
+  /**
+   * Add a new element to this menu, before the specific element
+   */
+  public function add_before($target_id, $new_menu_element) {
+    $copy = array();
+    foreach ($this->elements as $id => $menu_element) {
+      if ($id == $target_id) {
+        $copy[$new_menu_element->id] = $new_menu_element;
+      }
+      $copy[$id] = $menu_element;
+    }
+    $this->elements = $copy;
+    return $this;
+  }
+
   /**
    * Remove an element from the menu
    */
-- 
cgit v1.2.3


From 5ddd7c9677b644396981de7df8176a3b168ffe21 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sun, 21 Feb 2010 20:04:06 -0800
Subject: Fix Kohana's internal cache for Gallery's usage pattern. Adds a
 core.internal_cache_read_only config variable to Kohana's internals.

Kohana's internal_cache for find_file wasn't working in Gallery because the cache would be emptied on each request after reading it from disk and before most lookups would run.
 1. Bootstrap sets initial core.modules (= include path): forge, kohana23_compat, gallery.
 2. Kohana::setup() loads find_file cache from disk.
 3. Gallery loads list of active modules and themes, and updates the core.modules value (=include path), which forces the internal find_file cache to be empties (which makes sense).
 4. Request processing starts, and thus 80% of all Kohana::find_file() triggered  is_file() invocations start off with an empty find_file cache.

In the case of my small Gallery installation, we're talking about 3100 is_file() invocations per request with or without internal_cache enabled. With this fix, this number is down to 800 invocations.

The basic idea is that we treat the cache as read only and don't write any (possibly dirty) values to it in memory until we're sure that the include path won't change later on in the request processing. Once we know the list of active modules and themes, we can update core.modules and finally flip the read-only state of the cache and start writing to it.
---
 application/config/config.php             |  6 ++++
 modules/gallery/helpers/gallery_event.php |  1 +
 system/core/Kohana.php                    | 47 ++++++++++++++++++++-----------
 3 files changed, 37 insertions(+), 17 deletions(-)

(limited to 'modules/gallery')

diff --git a/application/config/config.php b/application/config/config.php
index aecc400c..1c5bccb7 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -67,6 +67,12 @@ $config["url_suffix"] = "";
  * can give significant speed improvements at the expense of delayed updating.
  */
 $config["internal_cache"] = FALSE;
+/**
+ * Enable or disable writing to the internal cache. Used by Gallery to treat
+ * the cache as read-only until all active modules and themes are in the
+ * include path.
+ */
+$config["internal_cache_read_only"] = TRUE;
 $config["internal_cache_path"] = VARPATH . "tmp/";
 
 /**
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 36f91142..a6783bc6 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -25,6 +25,7 @@ class gallery_event_Core {
   static function gallery_ready() {
     identity::load_user();
     theme::load_themes();
+    Kohana_Config::instance()->set('core.internal_cache_read_only', false);
     locales::set_request_locale();
   }
 
diff --git a/system/core/Kohana.php b/system/core/Kohana.php
index ae056d0e..1ed6d725 100644
--- a/system/core/Kohana.php
+++ b/system/core/Kohana.php
@@ -365,13 +365,17 @@ abstract class Kohana_Core {
 			// Add SYSPATH as the last path
 			Kohana::$include_paths[] = SYSPATH;
 
-			// Clear cached include paths
-			self::$internal_cache['find_file_paths'] = array();
-			if ( ! isset(self::$write_cache['find_file_paths']))
+			if ( ! Kohana::config('core.internal_cache_read_only'))
 			{
-				// Write cache at shutdown
-				self::$write_cache['find_file_paths'] = TRUE;
-			}
+				// Clear cached include paths
+				self::$internal_cache['find_file_paths'] = array();
+
+				if ( ! isset(self::$write_cache['find_file_paths']))
+				{
+					// Write cache at shutdown
+					self::$write_cache['find_file_paths'] = TRUE;
+				}
+                        }
 
 		}
 
@@ -818,13 +822,17 @@ abstract class Kohana_Core {
 			}
 		}
 
-		if ( ! isset(Kohana::$write_cache['find_file_paths']))
+		if ( ! Kohana::config('core.internal_cache_read_only'))
 		{
-			// Write cache at shutdown
-			Kohana::$write_cache['find_file_paths'] = TRUE;
-		}
+			Kohana::$internal_cache['find_file_paths'][$search] = $found;
 
-		return Kohana::$internal_cache['find_file_paths'][$search] = $found;
+			if ( ! isset(Kohana::$write_cache['find_file_paths']))
+			{
+				// Write cache at shutdown
+				Kohana::$write_cache['find_file_paths'] = TRUE;
+			}
+		}
+		return $found;
 	}
 
 	/**
@@ -900,8 +908,7 @@ abstract class Kohana_Core {
 	public static function message($key, $args = array())
 	{
 		// Extract the main group from the key
-		$group = explode('.', $key, 2);
-		$group = $group[0];
+		list ($group, $subkey) = explode('.', $key, 2);
 
 		if ( ! isset(Kohana::$internal_cache['messages'][$group]))
 		{
@@ -913,17 +920,23 @@ abstract class Kohana_Core {
 				include $file[0];
 			}
 
-			if ( ! isset(Kohana::$write_cache['messages']))
+			if ( ! isset(Kohana::$write_cache['messages']) && ! Kohana::config('core.internal_cache_read_only'))
 			{
 				// Write language cache
 				Kohana::$write_cache['messages'] = TRUE;
 			}
-
-			Kohana::$internal_cache['messages'][$group] = $messages;
+			if ( ! Kohana::config('core.internal_cache_read_only'))
+			{
+				Kohana::$internal_cache['messages'][$group] = $messages;
+			}
+		}
+		else
+		{
+			$messages = Kohana::$internal_cache['messages'][$group];
 		}
 
 		// Get the line from cache
-		$line = Kohana::key_string(Kohana::$internal_cache['messages'], $key);
+		$line = Kohana::key_string($messages, $subkey);
 
 		if ($line === NULL)
 		{
-- 
cgit v1.2.3


From 6cbe0f78aa80a2810908a76ca163f1dfff2f0726 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sun, 21 Feb 2010 21:07:55 -0800
Subject: Revert "Fix Kohana's internal cache for Gallery's usage pattern."

This reverts commit 5ddd7c9677b644396981de7df8176a3b168ffe21.
---
 application/config/config.php             |  6 ----
 modules/gallery/helpers/gallery_event.php |  1 -
 system/core/Kohana.php                    | 47 +++++++++++--------------------
 3 files changed, 17 insertions(+), 37 deletions(-)

(limited to 'modules/gallery')

diff --git a/application/config/config.php b/application/config/config.php
index 1c5bccb7..aecc400c 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -67,12 +67,6 @@ $config["url_suffix"] = "";
  * can give significant speed improvements at the expense of delayed updating.
  */
 $config["internal_cache"] = FALSE;
-/**
- * Enable or disable writing to the internal cache. Used by Gallery to treat
- * the cache as read-only until all active modules and themes are in the
- * include path.
- */
-$config["internal_cache_read_only"] = TRUE;
 $config["internal_cache_path"] = VARPATH . "tmp/";
 
 /**
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index a6783bc6..36f91142 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -25,7 +25,6 @@ class gallery_event_Core {
   static function gallery_ready() {
     identity::load_user();
     theme::load_themes();
-    Kohana_Config::instance()->set('core.internal_cache_read_only', false);
     locales::set_request_locale();
   }
 
diff --git a/system/core/Kohana.php b/system/core/Kohana.php
index 1ed6d725..ae056d0e 100644
--- a/system/core/Kohana.php
+++ b/system/core/Kohana.php
@@ -365,17 +365,13 @@ abstract class Kohana_Core {
 			// Add SYSPATH as the last path
 			Kohana::$include_paths[] = SYSPATH;
 
-			if ( ! Kohana::config('core.internal_cache_read_only'))
+			// Clear cached include paths
+			self::$internal_cache['find_file_paths'] = array();
+			if ( ! isset(self::$write_cache['find_file_paths']))
 			{
-				// Clear cached include paths
-				self::$internal_cache['find_file_paths'] = array();
-
-				if ( ! isset(self::$write_cache['find_file_paths']))
-				{
-					// Write cache at shutdown
-					self::$write_cache['find_file_paths'] = TRUE;
-				}
-                        }
+				// Write cache at shutdown
+				self::$write_cache['find_file_paths'] = TRUE;
+			}
 
 		}
 
@@ -822,17 +818,13 @@ abstract class Kohana_Core {
 			}
 		}
 
-		if ( ! Kohana::config('core.internal_cache_read_only'))
+		if ( ! isset(Kohana::$write_cache['find_file_paths']))
 		{
-			Kohana::$internal_cache['find_file_paths'][$search] = $found;
-
-			if ( ! isset(Kohana::$write_cache['find_file_paths']))
-			{
-				// Write cache at shutdown
-				Kohana::$write_cache['find_file_paths'] = TRUE;
-			}
+			// Write cache at shutdown
+			Kohana::$write_cache['find_file_paths'] = TRUE;
 		}
-		return $found;
+
+		return Kohana::$internal_cache['find_file_paths'][$search] = $found;
 	}
 
 	/**
@@ -908,7 +900,8 @@ abstract class Kohana_Core {
 	public static function message($key, $args = array())
 	{
 		// Extract the main group from the key
-		list ($group, $subkey) = explode('.', $key, 2);
+		$group = explode('.', $key, 2);
+		$group = $group[0];
 
 		if ( ! isset(Kohana::$internal_cache['messages'][$group]))
 		{
@@ -920,23 +913,17 @@ abstract class Kohana_Core {
 				include $file[0];
 			}
 
-			if ( ! isset(Kohana::$write_cache['messages']) && ! Kohana::config('core.internal_cache_read_only'))
+			if ( ! isset(Kohana::$write_cache['messages']))
 			{
 				// Write language cache
 				Kohana::$write_cache['messages'] = TRUE;
 			}
-			if ( ! Kohana::config('core.internal_cache_read_only'))
-			{
-				Kohana::$internal_cache['messages'][$group] = $messages;
-			}
-		}
-		else
-		{
-			$messages = Kohana::$internal_cache['messages'][$group];
+
+			Kohana::$internal_cache['messages'][$group] = $messages;
 		}
 
 		// Get the line from cache
-		$line = Kohana::key_string($messages, $subkey);
+		$line = Kohana::key_string(Kohana::$internal_cache['messages'], $key);
 
 		if ($line === NULL)
 		{
-- 
cgit v1.2.3


From 8e7eda9cc62c64e77fffabacae7441f8ea076c9d Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sun, 21 Feb 2010 23:23:48 -0800
Subject: Fix progress bar / maintenance tasks for locales that use comma as
 decimal separator, such as German.

---
 modules/gallery/controllers/admin_maintenance.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php
index d90fe0ea..c16c5c41 100644
--- a/modules/gallery/controllers/admin_maintenance.php
+++ b/modules/gallery/controllers/admin_maintenance.php
@@ -209,9 +209,10 @@ class Admin_Maintenance_Controller extends Admin_Controller {
         message::success(t("Task failed"));
         break;
       }
+      // Using sprintf("%F") to avoid comma as decimal separator.
       print json_encode(array("result" => "success",
                               "task" => array(
-                                "percent_complete" => $task->percent_complete,
+                                "percent_complete" => sprintf("%F", $task->percent_complete),
                                 "status" => (string) $task->status,
                                 "done" => (bool) $task->done),
                               "location" => url::site("admin/maintenance")));
@@ -219,7 +220,7 @@ class Admin_Maintenance_Controller extends Admin_Controller {
     } else {
       print json_encode(array("result" => "in_progress",
                               "task" => array(
-                                "percent_complete" => $task->percent_complete,
+                                "percent_complete" => sprintf("%F", $task->percent_complete),
                                 "status" => (string) $task->status,
                                 "done" => (bool) $task->done)));
     }
-- 
cgit v1.2.3


From 6591ea25771f2ab31fea4bf3b7a6fd76c586e098 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sun, 21 Feb 2010 23:48:23 -0800
Subject: Fix delete() function of DB based Cache driver. It expected a scalar
 key / tag value, but it was always an array of keys / tags. (compare to
 system/libraries/Cache.php and the File.php driver)

---
 modules/gallery/libraries/drivers/Cache/Database.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/libraries/drivers/Cache/Database.php b/modules/gallery/libraries/drivers/Cache/Database.php
index 82a09ab9..085c5c35 100644
--- a/modules/gallery/libraries/drivers/Cache/Database.php
+++ b/modules/gallery/libraries/drivers/Cache/Database.php
@@ -153,15 +153,17 @@ class Cache_Database_Driver extends Cache_Driver {
    * @param  bool    delete a tag
    * @return bool
    */
-  public function delete($id, $tag=false) {
+  public function delete($keys, $is_tag=false) {
     $db = db::build()
       ->delete("caches");
-    if ($id === true) {
+    if ($keys === true) {
       // Delete all caches
-    } else if ($tag === true) {
-      $db->where("tags", "LIKE", "%<$id>%");
+    } else if ($is_tag === true) {
+      foreach ($keys as $tag) {
+        $db->where("tags", "LIKE", "%<$tag>%");
+      }
     } else {
-      $db->where("key", "=", $id);
+      $db->where("key", "IN", $keys);
     }
 
     $status = $db->execute();
-- 
cgit v1.2.3


From 334cd2368de24a76cd49681a14295350e85714d0 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sun, 21 Feb 2010 23:50:01 -0800
Subject: Performance improvement: Load all translations of a locale as one
 serialized array from the Cache. Until now, we loaded hundreds of translation
 messages row by row, and unserializing one by one at bootstrap time. That
 amounted to a significant percentage of the complete request time. This
 approach is more than 10x faster.

---
 modules/gallery/controllers/l10n_client.php |  2 ++
 modules/gallery/helpers/gallery_task.php    |  2 ++
 modules/gallery/libraries/Gallery_I18n.php  | 45 ++++++++++++++++++++---------
 3 files changed, 36 insertions(+), 13 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/controllers/l10n_client.php b/modules/gallery/controllers/l10n_client.php
index e20bab50..be0aaa11 100644
--- a/modules/gallery/controllers/l10n_client.php
+++ b/modules/gallery/controllers/l10n_client.php
@@ -80,6 +80,8 @@ class L10n_Client_Controller extends Controller {
 
     $entry->save();
 
+    Gallery_I18n::clear_cache($locale);
+
     print json_encode(new stdClass());
   }
 
diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php
index 3e6278e5..617f7f48 100644
--- a/modules/gallery/helpers/gallery_task.php
+++ b/modules/gallery/helpers/gallery_task.php
@@ -201,6 +201,8 @@ class gallery_task_Core {
           $total = $num_fetched + $num_remaining;
           $task->percent_complete = 70 + 30 * ((float) $num_fetched / $total);
         } else {
+          Gallery_I18n::clear_cache();
+
           $task->done = true;
           $task->state = "success";
           $task->status = t("Translations installed/updated");
diff --git a/modules/gallery/libraries/Gallery_I18n.php b/modules/gallery/libraries/Gallery_I18n.php
index ac0588e3..0e9c0bdc 100644
--- a/modules/gallery/libraries/Gallery_I18n.php
+++ b/modules/gallery/libraries/Gallery_I18n.php
@@ -150,33 +150,43 @@ class Gallery_I18n_Core {
 
   private function lookup($locale, $message) {
     if (!isset($this->_cache[$locale])) {
-      $this->_cache[$locale] = array();
-      // TODO: Load data from locale file instead of the DB.
+      $this->_cache[$locale] = self::load_translations($locale);
+    }
+
+    $key = self::get_message_key($message);
+
+    if (isset($this->_cache[$locale][$key])) {
+      return $this->_cache[$locale][$key];
+    } else {
+      return null;
+    }
+  }
+
+  private static function load_translations($locale) {
+    $cache_key = "translation|" . $locale;
+    $cache = Cache::instance();
+    $translations = $cache->get($cache_key);
+    if (empty($translations)) {
       foreach (db::build()
                ->select("key", "translation")
                ->from("incoming_translations")
                ->where("locale", "=", $locale)
                ->execute() as $row) {
-        $this->_cache[$locale][$row->key] = unserialize($row->translation);
+        $translations[$row->key] = unserialize($row->translation);
       }
-
+      
       // Override incoming with outgoing...
       foreach (db::build()
                ->select("key", "translation")
                ->from("outgoing_translations")
                ->where("locale", "=", $locale)
                ->execute() as $row) {
-        $this->_cache[$locale][$row->key] = unserialize($row->translation);
+        $translations[$row->key] = unserialize($row->translation);
       }
+      
+      $cache->set($cache_key, $translations, array("translation"), 0);
     }
-
-    $key = self::get_message_key($message);
-
-    if (isset($this->_cache[$locale][$key])) {
-      return $this->_cache[$locale][$key];
-    } else {
-      return null;
-    }
+    return $translations;
   }
 
   public function has_translation($message, $options=null) {
@@ -256,6 +266,15 @@ class Gallery_I18n_Core {
     return $this->_call_log;
   }
 
+  public static function clear_cache($locale=null) {
+    $cache = Cache::instance();
+    if ($locale) {
+      $cache->delete("translation|" . $locale);
+    } else {
+      $cache->delete_tag("translation");
+    }
+  }
+
   private static function get_plural_key($locale, $count) {
     $parts = explode('_', $locale);
     $language = $parts[0];
-- 
cgit v1.2.3


From 6ce01328422cc587dedf555d0ba3eb8a0ee05a9f Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Mon, 22 Feb 2010 00:30:54 -0800
Subject: Fix for ticket #1027: Add index on cache key column. (and fix the
 packager to truncate the cache table before packaging)

---
 installer/install.sql                         |  3 ++-
 modules/gallery/controllers/packager.php      |  1 +
 modules/gallery/helpers/gallery_installer.php | 12 +++++++++++-
 modules/gallery/module.info                   |  2 +-
 4 files changed, 15 insertions(+), 3 deletions(-)

(limited to 'modules/gallery')

diff --git a/installer/install.sql b/installer/install.sql
index 28a9caa5..ebe3651d 100644
--- a/installer/install.sql
+++ b/installer/install.sql
@@ -42,6 +42,7 @@ CREATE TABLE {caches} (
   `expiration` int(9) NOT NULL,
   `cache` longblob,
   PRIMARY KEY  (`id`),
+  KEY `key` (`key`),
   KEY `tags` (`tags`)
 ) DEFAULT CHARSET=utf8;
 SET character_set_client = @saved_cs_client;
@@ -239,7 +240,7 @@ CREATE TABLE {modules} (
   UNIQUE KEY `name` (`name`)
 ) AUTO_INCREMENT=10 DEFAULT CHARSET=utf8;
 SET character_set_client = @saved_cs_client;
-INSERT INTO {modules} VALUES (1,1,'gallery',29);
+INSERT INTO {modules} VALUES (1,1,'gallery',30);
 INSERT INTO {modules} VALUES (2,1,'user',3);
 INSERT INTO {modules} VALUES (3,1,'comment',2);
 INSERT INTO {modules} VALUES (4,1,'organize',1);
diff --git a/modules/gallery/controllers/packager.php b/modules/gallery/controllers/packager.php
index 66626483..aef032a0 100644
--- a/modules/gallery/controllers/packager.php
+++ b/modules/gallery/controllers/packager.php
@@ -82,6 +82,7 @@ class Packager_Controller extends Controller {
       module::set_var("gallery", "blocks_{$key}", serialize($blocks));
     }
 
+    Database::instance()->query("TRUNCATE {caches}");
     Database::instance()->query("TRUNCATE {sessions}");
     Database::instance()->query("TRUNCATE {logs}");
     db::build()
diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php
index b594ddcf..6f8a6688 100644
--- a/modules/gallery/helpers/gallery_installer.php
+++ b/modules/gallery/helpers/gallery_installer.php
@@ -32,6 +32,10 @@ class gallery_installer {
                  PRIMARY KEY (`id`))
                DEFAULT CHARSET=utf8;");
 
+    // Using a simple index instead of a unique key for the
+    // key column to avoid handling of concurrency issues
+    // on insert. Thus allowing concurrent inserts on the
+    // same cache key, as does Memcache / xcache.
     $db->query("CREATE TABLE {caches} (
                 `id` int(9) NOT NULL auto_increment,
                 `key` varchar(255) NOT NULL,
@@ -39,6 +43,7 @@ class gallery_installer {
                 `expiration` int(9) NOT NULL,
                 `cache` longblob,
                 PRIMARY KEY (`id`),
+                KEY (`key`),
                 KEY (`tags`))
                 DEFAULT CHARSET=utf8;");
 
@@ -290,7 +295,7 @@ class gallery_installer {
     module::set_var("gallery", "credits", (string) $powered_by_string);
     module::set_var("gallery", "simultaneous_upload_limit", 5);
     module::set_var("gallery", "admin_area_timeout", 90 * 60);
-    module::set_version("gallery", 29);
+    module::set_version("gallery", 30);
   }
 
   static function upgrade($version) {
@@ -545,6 +550,11 @@ class gallery_installer {
       module::set_var("gallery", "credits", "Powered by <a href=\"%url\">%gallery_version</a>");
       module::set_version("gallery", $version = 29);
     }
+
+    if ($version == 29) {
+      $db->query("ALTER TABLE {caches} ADD KEY (`key`);");
+      module::set_version("gallery", $version = 30);
+    }                
   }
 
   static function uninstall() {
diff --git a/modules/gallery/module.info b/modules/gallery/module.info
index 39615e1c..df2be978 100644
--- a/modules/gallery/module.info
+++ b/modules/gallery/module.info
@@ -1,3 +1,3 @@
 name = "Gallery 3"
 description = "Gallery core application"
-version = 29
+version = 30
-- 
cgit v1.2.3


From 6afc5ccf5c5d70b3aef4024f892141a07779c25f Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Tue, 23 Feb 2010 10:02:27 -0800
Subject: Fix translation cache for installations with 0 translations in the
 DB.

---
 modules/gallery/libraries/Gallery_I18n.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/libraries/Gallery_I18n.php b/modules/gallery/libraries/Gallery_I18n.php
index 0e9c0bdc..f1e77744 100644
--- a/modules/gallery/libraries/Gallery_I18n.php
+++ b/modules/gallery/libraries/Gallery_I18n.php
@@ -166,7 +166,8 @@ class Gallery_I18n_Core {
     $cache_key = "translation|" . $locale;
     $cache = Cache::instance();
     $translations = $cache->get($cache_key);
-    if (empty($translations)) {
+    if (!isset($translations) || !is_array($translations)) {
+      $translations = array();
       foreach (db::build()
                ->select("key", "translation")
                ->from("incoming_translations")
-- 
cgit v1.2.3


From fb5503be09047def6efd24a74188ad55af7a80f2 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 23 Feb 2010 11:10:32 -0800
Subject: Name this release "Santa Fe".  Fixes ticket #683.

---
 modules/gallery/helpers/gallery.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php
index 84f8a7fb..a43b180b 100644
--- a/modules/gallery/helpers/gallery.php
+++ b/modules/gallery/helpers/gallery.php
@@ -18,7 +18,7 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class gallery_Core {
-  const VERSION = "3.0 git (pre-RC1)";
+  const VERSION = "3.0 RC1 (Santa Fe)";
 
   /**
    * If Gallery is in maintenance mode, then force all non-admins to get routed to a "This site is
-- 
cgit v1.2.3


From 8ab580cec1909fb93ba01fb635e1392a76317623 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 23 Feb 2010 11:50:39 -0800
Subject: Verified

---
 modules/gallery/tests/xss_data.txt | 41 +++++++++++++++++---------------------
 1 file changed, 18 insertions(+), 23 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 44233459..a3ca31f4 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -218,8 +218,8 @@ modules/gallery/views/upgrader.html.php                      77  DIRTY    $modul
 modules/gallery/views/upgrader.html.php                      99  DIRTY_ATTR $done?"muted":""
 modules/gallery/views/upgrader.html.php                      102 DIRTY_ATTR $done?"muted":""
 modules/gallery/views/user_languages_block.html.php          2   DIRTY    form::dropdown("g-select-session-locale",$installed_locales,$selected)
-modules/gallery/views/user_profile.html.php                  36  DIRTY_ATTR $user->avatar_url(40,$theme->url(,true))
-modules/gallery/views/user_profile.html.php                  47  DIRTY    $info->view
+modules/gallery/views/user_profile.html.php                  34  DIRTY_ATTR $user->avatar_url(40,$theme->url(,true))
+modules/gallery/views/user_profile.html.php                  43  DIRTY    $info->view
 modules/image_block/views/image_block_block.html.php         3   DIRTY_JS $item->url()
 modules/image_block/views/image_block_block.html.php         4   DIRTY    $item->thumb_img(array("class"=>"g-thumbnail"))
 modules/info/views/info_block.html.php                       22  DIRTY    date("M j, Y H:i:s",$item->captured)
@@ -250,11 +250,11 @@ modules/organize/views/organize_tree.html.php                2   DIRTY_ATTR acce
 modules/organize/views/organize_tree.html.php                3   DIRTY_ATTR $album->id
 modules/organize/views/organize_tree.html.php                6   DIRTY_ATTR $selected&&$album->id==$selected->id?"ui-state-focus":""
 modules/organize/views/organize_tree.html.php                7   DIRTY_ATTR $album->id
-modules/organize/views/organize_tree.html.php                13  DIRTY    View::factory("organize_tree.html",array("selected"=>$selected,"album"=>$child));
-modules/organize/views/organize_tree.html.php                15  DIRTY_ATTR access::can("edit",$child)?"":"g-view-only"
-modules/organize/views/organize_tree.html.php                16  DIRTY_ATTR $child->id
-modules/organize/views/organize_tree.html.php                18  DIRTY_ATTR $selected&&$child->id==$selected->id?"ui-state-focus":""
+modules/organize/views/organize_tree.html.php                15  DIRTY    View::factory("organize_tree.html",array("selected"=>$selected,"album"=>$child));
+modules/organize/views/organize_tree.html.php                17  DIRTY_ATTR access::can("edit",$child)?"":"g-view-only"
 modules/organize/views/organize_tree.html.php                18  DIRTY_ATTR $child->id
+modules/organize/views/organize_tree.html.php                20  DIRTY_ATTR $selected&&$child->id==$selected->id?"ui-state-focus":""
+modules/organize/views/organize_tree.html.php                20  DIRTY_ATTR $child->id
 modules/recaptcha/views/admin_recaptcha.html.php             11  DIRTY    $form
 modules/recaptcha/views/admin_recaptcha.html.php             23  DIRTY_JS $public_key
 modules/recaptcha/views/form_recaptcha.html.php              7   DIRTY_JS $public_key
@@ -274,21 +274,16 @@ modules/rss/views/feed.mrss.php                              42  DIRTY_ATTR $chi
 modules/rss/views/feed.mrss.php                              48  DIRTY_ATTR $child->thumb_url(true)
 modules/rss/views/feed.mrss.php                              49  DIRTY_ATTR $child->thumb_height
 modules/rss/views/feed.mrss.php                              50  DIRTY_ATTR $child->thumb_width
-modules/rss/views/feed.mrss.php                              54  DIRTY_ATTR $child->resize_url(true)
-modules/rss/views/feed.mrss.php                              55  DIRTY_ATTR @filesize($child->resize_path())
-modules/rss/views/feed.mrss.php                              56  DIRTY_ATTR $child->mime_type
-modules/rss/views/feed.mrss.php                              57  DIRTY_ATTR $child->resize_height
-modules/rss/views/feed.mrss.php                              58  DIRTY_ATTR $child->resize_width
-modules/rss/views/feed.mrss.php                              61  DIRTY_ATTR $child->file_url(true)
-modules/rss/views/feed.mrss.php                              62  DIRTY_ATTR @filesize($child->file_path())
-modules/rss/views/feed.mrss.php                              63  DIRTY_ATTR $child->mime_type
-modules/rss/views/feed.mrss.php                              64  DIRTY_ATTR $child->height
-modules/rss/views/feed.mrss.php                              65  DIRTY_ATTR $child->width
-modules/rss/views/feed.mrss.php                              70  DIRTY_ATTR $child->file_url(true)
-modules/rss/views/feed.mrss.php                              71  DIRTY_ATTR @filesize($child->file_path())
-modules/rss/views/feed.mrss.php                              72  DIRTY_ATTR $child->height
-modules/rss/views/feed.mrss.php                              73  DIRTY_ATTR $child->width
-modules/rss/views/feed.mrss.php                              74  DIRTY_ATTR $child->mime_type
+modules/rss/views/feed.mrss.php                              57  DIRTY_ATTR $child->resize_url(true)
+modules/rss/views/feed.mrss.php                              58  DIRTY_ATTR @filesize($child->resize_path())
+modules/rss/views/feed.mrss.php                              59  DIRTY_ATTR $child->mime_type
+modules/rss/views/feed.mrss.php                              60  DIRTY_ATTR $child->resize_height
+modules/rss/views/feed.mrss.php                              61  DIRTY_ATTR $child->resize_width
+modules/rss/views/feed.mrss.php                              65  DIRTY_ATTR $child->file_url(true)
+modules/rss/views/feed.mrss.php                              66  DIRTY_ATTR @filesize($child->file_path())
+modules/rss/views/feed.mrss.php                              67  DIRTY_ATTR $child->mime_type
+modules/rss/views/feed.mrss.php                              68  DIRTY_ATTR $child->height
+modules/rss/views/feed.mrss.php                              69  DIRTY_ATTR $child->width
 modules/rss/views/rss_block.html.php                         6   DIRTY_JS rss::url($url)
 modules/search/views/search.html.php                         27  DIRTY_ATTR $item_class
 modules/search/views/search.html.php                         28  DIRTY_JS $item->url()
@@ -320,8 +315,8 @@ modules/user/views/admin_users.html.php                      87  DIRTY    ($user
 modules/user/views/admin_users.html.php                      123 DIRTY_ATTR $group->id
 modules/user/views/admin_users.html.php                      123 DIRTY_ATTR ($group->special?"g-default-group":"")
 modules/user/views/admin_users.html.php                      125 DIRTY    $v
-modules/user/views/admin_users_group.html.php                22  DIRTY_JS $user->id
-modules/user/views/admin_users_group.html.php                22  DIRTY_JS $group->id
+modules/user/views/admin_users_group.html.php                24  DIRTY_JS $user->id
+modules/user/views/admin_users_group.html.php                24  DIRTY_JS $group->id
 modules/watermark/views/admin_watermarks.html.php            20  DIRTY_ATTR $width
 modules/watermark/views/admin_watermarks.html.php            20  DIRTY_ATTR $height
 modules/watermark/views/admin_watermarks.html.php            20  DIRTY_ATTR $url
-- 
cgit v1.2.3


From 212da35cdc5c68ad06ff2f0e5d820ccbcf328a89 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Tue, 23 Feb 2010 12:48:03 -0800
Subject: Fix Cache tests for recent Cache/Database.php driver fix.

Cache::delete($arg) allows for scalars and arrays, but Cache drivers' delete($arg) function always expects an array.
---
 modules/gallery/tests/Cache_Test.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/tests/Cache_Test.php b/modules/gallery/tests/Cache_Test.php
index 1023568b..a942a292 100644
--- a/modules/gallery/tests/Cache_Test.php
+++ b/modules/gallery/tests/Cache_Test.php
@@ -118,7 +118,7 @@ class Cache_Test extends Gallery_Unit_Test_Case {
     $value3 = array("field5" => "value5", "field6" => "value6");
     $this->_driver->set(array($id3 => $value3), array("tag3", "tag4"), 84600);
 
-    $this->_driver->delete($id1);
+    $this->_driver->delete(array($id1));
 
     $this->assert_false($this->_driver->exists($id1), "$id1 should have been deleted");
     $this->assert_true($this->_driver->exists($id2), "$id2 should not have been deleted");
@@ -138,7 +138,7 @@ class Cache_Test extends Gallery_Unit_Test_Case {
     $value3 = array("field5" => "value5", "field6" => "value6");
     $this->_driver->set(array($id3 => $value3), array("tag3", "tag4"), 84600);
 
-    $data = $this->_driver->delete("tag3", true);
+    $data = $this->_driver->delete_tag(array("tag3"));
 
     $this->assert_true($this->_driver->exists($id1), "$id1 should not have been deleted");
     $this->assert_false($this->_driver->exists($id2), "$id2 should have been deleted");
-- 
cgit v1.2.3


From d4423eb34970f0068af463ebea17a748910ca835 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 23 Feb 2010 13:50:57 -0800
Subject: Reset the active user to admin in all test cases where we change the
 user to something else.

---
 modules/comment/tests/Comment_Model_Test.php    | 3 +++
 modules/gallery/tests/Access_Helper_Test.php    | 9 +++++----
 modules/gallery/tests/Item_Helper_Test.php      | 3 +--
 modules/gallery/tests/Item_Rest_Helper_Test.php | 4 ++++
 modules/tag/tests/Tags_Rest_Helper_Test.php     | 4 ++++
 5 files changed, 17 insertions(+), 6 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/comment/tests/Comment_Model_Test.php b/modules/comment/tests/Comment_Model_Test.php
index f0449c05..798e4f6d 100644
--- a/modules/comment/tests/Comment_Model_Test.php
+++ b/modules/comment/tests/Comment_Model_Test.php
@@ -18,6 +18,9 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class Comment_Model_Test extends Gallery_Unit_Test_Case {
+  public function teardown() {
+    identity::set_active_user(identity::admin_user());
+  }
 
   public function cant_view_comments_for_unviewable_items_test() {
     $album = test::random_album();
diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php
index 5331117d..6eca396c 100644
--- a/modules/gallery/tests/Access_Helper_Test.php
+++ b/modules/gallery/tests/Access_Helper_Test.php
@@ -20,6 +20,10 @@
 class Access_Helper_Test extends Gallery_Unit_Test_Case {
   private $_group;
 
+  public function setup() {
+    identity::set_active_user(identity::guest());
+  }
+
   public function teardown() {
     try {
       $group = identity::lookup_group_by_name("access_test");
@@ -41,10 +45,7 @@ class Access_Helper_Test extends Gallery_Unit_Test_Case {
 
     // Reset some permissions that we mangle below
     access::allow(identity::everybody(), "view", item::root());
-  }
-
-  public function setup() {
-    identity::set_active_user(identity::guest());
+    identity::set_active_user(identity::admin_user());
   }
 
   public function groups_and_permissions_are_bound_to_columns_test() {
diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php
index 50587702..90106562 100644
--- a/modules/gallery/tests/Item_Helper_Test.php
+++ b/modules/gallery/tests/Item_Helper_Test.php
@@ -18,8 +18,7 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class Item_Helper_Test extends Gallery_Unit_Test_Case {
-
-  public function setup() {
+  public function teardown() {
     identity::set_active_user(identity::admin_user());
   }
 
diff --git a/modules/gallery/tests/Item_Rest_Helper_Test.php b/modules/gallery/tests/Item_Rest_Helper_Test.php
index 6d1dd864..7b86c153 100644
--- a/modules/gallery/tests/Item_Rest_Helper_Test.php
+++ b/modules/gallery/tests/Item_Rest_Helper_Test.php
@@ -18,6 +18,10 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class Item_Rest_Helper_Test extends Gallery_Unit_Test_Case {
+  public function teardown() {
+    identity::set_active_user(identity::admin_user());
+  }
+
   public function resolve_test() {
     $album = test::random_album();
     $resolved = rest::resolve(rest::url("item", $album));
diff --git a/modules/tag/tests/Tags_Rest_Helper_Test.php b/modules/tag/tests/Tags_Rest_Helper_Test.php
index cdf7bfdf..dbad0b02 100644
--- a/modules/tag/tests/Tags_Rest_Helper_Test.php
+++ b/modules/tag/tests/Tags_Rest_Helper_Test.php
@@ -26,6 +26,10 @@ class Tags_Rest_Helper_Test extends Gallery_Unit_Test_Case {
     }
   }
 
+  public function teardown() {
+    identity::set_active_user(identity::admin_user());
+  }
+
   public function get_test() {
     $t1 = tag::add(item::root(), "t1");
     $t2 = tag::add(item::root(), "t2");
-- 
cgit v1.2.3


From 1d8862d957e8f08552d448cd17b3c00c61b7fc05 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Wed, 24 Feb 2010 01:28:38 -0800
Subject: Fix for ticket #1034: Fix db cache driver delete() call which was
 missed in a recent refactoring / fix.

---
 modules/gallery/libraries/drivers/Cache/Database.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/libraries/drivers/Cache/Database.php b/modules/gallery/libraries/drivers/Cache/Database.php
index 085c5c35..ff982396 100644
--- a/modules/gallery/libraries/drivers/Cache/Database.php
+++ b/modules/gallery/libraries/drivers/Cache/Database.php
@@ -130,7 +130,7 @@ class Cache_Database_Driver extends Cache_Driver {
       // Make sure the expiration is valid and that the hash matches
       if ($cache->expiration != 0 && $cache->expiration <= time()) {
         // Cache is not valid, delete it now
-        $this->delete($cache->id);
+        $this->delete(array($cache->id));
       } else {
         // Disable notices for unserializing
         $ER = error_reporting(~E_NOTICE);
-- 
cgit v1.2.3


From c38bee203b8e89cfb1446ecacd133f3c679ffbcc Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Wed, 24 Feb 2010 16:21:54 -0800
Subject: Add Faroese to the language list. Verified that it uses the default
 plural rules, thus no changes in Gallery_I18n.php or on the server side
 required.

---
 modules/gallery/helpers/locales.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'modules/gallery')

diff --git a/modules/gallery/helpers/locales.php b/modules/gallery/helpers/locales.php
index e72d7ed9..62b08fb9 100644
--- a/modules/gallery/helpers/locales.php
+++ b/modules/gallery/helpers/locales.php
@@ -81,6 +81,7 @@ class locales_Core {
     $l["eu_ES"] = "Euskara";                  // Basque
     $l["fa_IR"] = "فارس";                     // Farsi
     $l["fi_FI"] = "Suomi";                    // Finnish
+    $l["fo_FO"] = "Føroyskt";                    // Faroese
     $l["fr_FR"] = "Français";                 // French
     $l["ga_IE"] = "Gaeilge";                  // Irish
     $l["he_IL"] = "עברית";                    // Hebrew
-- 
cgit v1.2.3


From 39b8810c3b37538e015c9d8cb7b46c59d87fb8c7 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Wed, 24 Feb 2010 16:39:18 -0800
Subject: Fix multi-column layout of language admin.

---
 modules/gallery/views/admin_languages.html.php | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/views/admin_languages.html.php b/modules/gallery/views/admin_languages.html.php
index 07134475..d4b7b0c1 100644
--- a/modules/gallery/views/admin_languages.html.php
+++ b/modules/gallery/views/admin_languages.html.php
@@ -49,13 +49,14 @@
             </tr>
             <? $i = 0 ?>
             <? foreach ($available_locales as $code => $display_name):  ?>
-            <? if ($i == (count($available_locales)/2)): ?>
-            <table>
-              <tr>
-                <th> <?= t("Installed") ?> </th>
-                <th> <?= t("Language") ?> </th>
-                <th> <?= t("Default language") ?> </th>
-              </tr>
+            <? if ($i == (int) (count($available_locales)/2)): ?>
+          </table>
+          <table>
+            <tr>
+              <th> <?= t("Installed") ?> </th>
+              <th> <?= t("Language") ?> </th>
+              <th> <?= t("Default language") ?> </th>
+            </tr>
             <? endif ?>
             <tr class="<?= (isset($installed_locales[$code])) ? "g-available" : "" ?><?= ($default_locale == $code) ? " g-selected" : "" ?>">
               <td> <?= form::checkbox("installed_locales[]", $code, isset($installed_locales[$code])) ?> </td>
-- 
cgit v1.2.3


From d9707ae749df2770370dc4eeeeaddda28f092d4d Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sat, 27 Feb 2010 02:37:39 -0800
Subject: Fix for ticket #1036 - Don't echo any sensitive information such as
 passwords, hashes or personally identifiable information.

---
 modules/gallery/libraries/MY_Kohana_Exception.php |  57 ++++++++
 modules/gallery/tests/Kohana_Exception_Test.php   | 170 ++++++++++++++++++++++
 modules/gallery/views/kohana/error.php            |   4 +-
 3 files changed, 229 insertions(+), 2 deletions(-)
 create mode 100644 modules/gallery/tests/Kohana_Exception_Test.php

(limited to 'modules/gallery')

diff --git a/modules/gallery/libraries/MY_Kohana_Exception.php b/modules/gallery/libraries/MY_Kohana_Exception.php
index d6f1f467..1712d895 100644
--- a/modules/gallery/libraries/MY_Kohana_Exception.php
+++ b/modules/gallery/libraries/MY_Kohana_Exception.php
@@ -92,4 +92,61 @@ class Kohana_Exception extends Kohana_Exception_Core {
     }
     print $view;
   }
+
+  /**
+   * @see Kohana_Exception::dump()
+   */
+  public static function dump($value, $length=128, $max_level=5) {
+    return self::safe_dump($value, null, $length, $max_level);
+  }
+
+  /**
+   * A safer version of dump(), eliding sensitive information in the dumped
+   * data, such as session ids and passwords / hashes.
+   */
+  public static function safe_dump($value, $key, $length=128, $max_level=5) {
+    return parent::dump(self::_sanitize_for_dump($value, $key), $length, $max_level);
+  }
+
+  /**
+   * Elides sensitive data which shouldn't be echoed to the client,
+   * such as passwords, and other secrets.
+   */
+  /* Visible for testing*/ static function _sanitize_for_dump($value, $key=null) {
+    // Better elide too much than letting something through.
+    // Note: unanchored match is intended.
+    $sensitive_info_pattern =
+      '/(password|pass|email|hash|private_key|session_id|session|g3sid|csrf|secret)/i';
+    if (preg_match($sensitive_info_pattern, $key) ||
+        (is_string($value) && preg_match('/[a-f0-9]{20,}/i', $value))) {
+      return 'removed for display';
+    } else if (is_object($value)) {
+      if ($value instanceof Database) {
+        // Elide database password, host, name, user, etc.
+        return get_class($value) . ' object - details omitted for display';
+      } else if ($value instanceof User_Model) {
+        return get_class($value) . ' object for "' . $value->name . '" - details omitted for display';
+      }
+      return self::_sanitize_for_dump((array) $value, $key);
+    } else if (is_array($value)) {
+      $result = array();
+      foreach ($value as $k => $v) {
+        $actual_key = $k;
+        $key_for_display = $k;
+        if ($k[0] === "\x00") {
+          // Remove the access level from the variable name
+          $actual_key = substr($k, strrpos($k, "\x00") + 1);
+          $access = $k[1] === '*' ? 'protected' : 'private';
+          $key_for_display = "$access: $actual_key";
+        }
+        if (is_object($v)) {
+          $key_for_display .= ' (type: ' . get_class($v) . ')';
+        }
+        $result[$key_for_display] = self::_sanitize_for_dump($v, $actual_key);
+      }
+    } else {
+      $result = $value;
+    }
+    return $result;
+  }
 }
\ No newline at end of file
diff --git a/modules/gallery/tests/Kohana_Exception_Test.php b/modules/gallery/tests/Kohana_Exception_Test.php
new file mode 100644
index 00000000..d2dbb4dc
--- /dev/null
+++ b/modules/gallery/tests/Kohana_Exception_Test.php
@@ -0,0 +1,170 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Kohana_Exception_Test extends Gallery_Unit_Test_Case {
+
+  public function dump_test() {
+    // Verify the override.
+    $this->assert_equal('<small>string</small><span>(19)</span> "removed for display"',
+        Kohana_Exception::dump("1a62761b836138c6198313911"));
+    $this->assert_equal('<small>string</small><span>(14)</span> "original value"',
+        Kohana_Exception::dump("original value"));
+  }
+
+  public function safe_dump_test() {
+    // Verify the delegation.
+    $this->assert_equal('<small>string</small><span>(19)</span> "removed for display"',
+        Kohana_Exception::safe_dump("original value", "password"));
+    $this->assert_equal('<small>string</small><span>(14)</span> "original value"',
+        Kohana_Exception::safe_dump("original value", "meow"));
+  }
+
+  public function sanitize_for_dump_match_key_test() {
+    $this->assert_equal("removed for display",
+        Kohana_Exception::_sanitize_for_dump("original value", "password"));
+    $this->assert_equal("original value",
+        Kohana_Exception::_sanitize_for_dump("original value", "meow"));
+  }
+
+  public function sanitize_for_dump_match_key_loosely_test() {
+    $this->assert_equal("removed for display",
+        Kohana_Exception::_sanitize_for_dump("original value", "this secret key"));
+  }
+
+  public function sanitize_for_dump_match_value_test() {
+    // Looks like a hash / secret value.
+    $this->assert_equal("removed for display",
+        Kohana_Exception::_sanitize_for_dump("p$2a178b841c6391d6368f131", "meow"));
+    $this->assert_equal("original value",
+        Kohana_Exception::_sanitize_for_dump("original value", "meow"));
+  }
+
+  public function sanitize_for_dump_array_test() {
+    $var = array("safe" => "original value 1",
+                 "some hash" => "original value 2",
+                 "three" => "2a3728788982938293b9292");
+    $expected = array("safe" => "original value 1",
+                      "some hash" => "removed for display",
+                      "three" => "removed for display");
+
+    $this->assert_equal($expected,
+        Kohana_Exception::_sanitize_for_dump($var, "ignored"));
+  }
+
+  public function sanitize_for_dump_nested_array_test() {
+    $var = array("safe" => "original value 1",
+                 "safe 2" => array("some hash" => "original value 2"));
+    $expected = array("safe" => "original value 1",
+                      "safe 2" => array("some hash" => "removed for display"));
+    $this->assert_equal($expected,
+        Kohana_Exception::_sanitize_for_dump($var, "ignored"));
+  }
+
+  public function sanitize_for_dump_user_test() {
+    $user = new User_Model();
+    $user->name = "john";
+    $user->hash = "value 1";
+    $user->email = "value 2";
+    $user->full_name = "value 3";
+    $this->assert_equal('User_Model object for "john" - details omitted for display',
+        Kohana_Exception::_sanitize_for_dump($user, "ignored"));
+  }
+
+  public function sanitize_for_dump_database_test() {
+    $db = new Kohana_Exception_Test_Database(
+        array("connection" => array("user" => "john", "name" => "gallery_3"),
+              "cache" => array()));
+    $this->assert_equal("Kohana_Exception_Test_Database object - details omitted for display",
+        Kohana_Exception::_sanitize_for_dump($db, "ignored"));
+  }
+
+  public function sanitize_for_dump_nested_database_test() {
+    $db = new Kohana_Exception_Test_Database(
+        array("connection" => array("user" => "john", "name" => "gallery_3"),
+              "cache" => array()));
+    $var = array("some" => "foo",
+                 "bar" => $db);
+    $this->assert_equal(
+        array("some" => "foo",
+              "bar (type: Kohana_Exception_Test_Database)" =>
+              "Kohana_Exception_Test_Database object - details omitted for display"),
+        Kohana_Exception::_sanitize_for_dump($var, "ignored"));
+  }
+
+  public function sanitize_for_dump_object_test() {
+    $obj = new Kohana_Exception_Test_Class();
+    $obj->password = "original value";
+    $expected = array("var_1" => "val 1",
+                      "protected: var_2" => "val 2",
+                      "private: var_3" => "val 3",
+                      "protected: hash" => "removed for display",
+                      "private: email_address" => "removed for display",
+                      "password" => "removed for display");
+    $this->assert_equal($expected,
+        Kohana_Exception::_sanitize_for_dump($obj, "ignored"));
+  }
+
+  public function sanitize_for_dump_nested_object_test() {
+    $user = new User_Model();
+    $user->name = "john";
+    $obj = new Kohana_Exception_Test_Class();
+    $obj->meow = new Kohana_Exception_Test_Class();
+    $obj->woof = "original value";
+    $obj->foo = array("bar" => $user);
+    $expected = array("var_1" => "val 1",
+                      "protected: var_2" => "val 2",
+                      "private: var_3" => "val 3",
+                      "protected: hash" => "removed for display",
+                      "private: email_address" => "removed for display",
+                      "meow (type: Kohana_Exception_Test_Class)" =>
+                          array("var_1" => "val 1",
+                                "protected: var_2" => "val 2",
+                                "private: var_3" => "val 3",
+                                "protected: hash" => "removed for display",
+                                "private: email_address" => "removed for display"),
+                      "woof" => "original value",
+                      "foo" => array("bar (type: User_Model)" =>
+                                     'User_Model object for "john" - details omitted for display'));
+    $this->assert_equal($expected,
+        Kohana_Exception::_sanitize_for_dump($obj, "ignored"));
+  }
+}
+
+class Kohana_Exception_Test_Database extends Database {
+  function __construct($config) { parent::__construct($config); }
+  public function connect() {}
+  public function disconnect() {}
+  public function set_charset($charset) {}
+  public function query_execute($sql) {}
+  public function escape($value) {}
+  public function list_constraints($table) {}
+  public function list_fields($table) {}
+  public function list_tables() {}
+}
+
+class Kohana_Exception_Test_Class {
+  public $var_1 = "val 1";
+  protected $var_2 = "val 2";
+  private $var_3 = "val 3";
+  protected $hash = "val 4";
+  private $email_address = "val 5";
+  function __set($name, $val) {
+    $this->$name = $val;
+  }
+}
\ No newline at end of file
diff --git a/modules/gallery/views/kohana/error.php b/modules/gallery/views/kohana/error.php
index 26628cf2..d55105a0 100644
--- a/modules/gallery/views/kohana/error.php
+++ b/modules/gallery/views/kohana/error.php
@@ -204,7 +204,7 @@
                       <pre><?= $name?></pre>
                     </td>
                     <td class="value">
-                      <pre><?= Kohana_Exception::dump($arg) ?></pre>
+                      <pre><?= Kohana_Exception::safe_dump($arg, $name) ?></pre>
                     </td>
                   </tr>
                   <? endforeach?>
@@ -265,7 +265,7 @@
                   </code>
                 </td>
                 <td class="value">
-                  <pre><?= Kohana_Exception::dump($value) ?></pre>
+                  <pre><?= Kohana_Exception::safe_dump($value, $key) ?></pre>
                 </td>
               </tr>
               <? endforeach?>
-- 
cgit v1.2.3