From 801c9a98e438a9c6a072630c3a051435986f6cf0 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 5 May 2012 18:52:44 -0700 Subject: Fix #1846. --- modules/gallery/models/item.php | 20 ++++++++----- modules/gallery/tests/Item_Model_Test.php | 50 +++++++++++++++++++++++++++++-- 2 files changed, 60 insertions(+), 10 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index e90e0fcb..0e3f0fb8 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -803,18 +803,22 @@ class Item_Model_Core extends ORM_MPTT { } if ($this->is_movie() || $this->is_photo()) { - if (!$this->loaded()) { + $ext = pathinfo($this->name, PATHINFO_EXTENSION); + + if (!$this->loaded() && !$ext) { // New items must have an extension - $ext = pathinfo($this->name, PATHINFO_EXTENSION); - if (!$ext) { + $v->add_error("name", "illegal_data_file_extension"); + return; + } + + if ($this->is_photo()) { + if (!in_array(strtolower($ext), legal_file::get_photo_extensions())) { $v->add_error("name", "illegal_data_file_extension"); - return; } + } - if ($this->is_photo() && - !in_array(strtolower($ext), array_map("strtolower", legal_file::get_photo_extensions())) || - $this->is_movie() && - !in_array(strtolower($ext), array_map("strtolower", legal_file::get_movie_extensions()))) { + if ($this->is_movie()) { + if (!in_array(strtolower($ext), legal_file::get_movie_extensions())) { $v->add_error("name", "illegal_data_file_extension"); } } diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 205d0a08..6d40230f 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php 
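Review bot: The rewritten checks compare `strtolower($ext)` against `legal_file::get_photo_extensions()` and `legal_file::get_movie_extensions()` as returned, whereas the removed code also lowercased the legal lists with `array_map("strtolower", ...)`; those lists are extensible (a later hunk in legal_file.php shows them being filled through a `module::event` call), so any module that registers an extension containing an uppercase letter will now have its files rejected. Either keep `array_map("strtolower", legal_file::get_photo_extensions())` on the list side or document the lowercase requirement where the event is emitted. A smaller point: `!$ext` also treats an extension of `0` as missing, whereas `$ext === ""` is the precise test for "no extension". The validation method this sits in starts and ends outside the hunk.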
@@ -333,7 +333,36 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $photo->mime_type = "video/x-flv"; $photo->save(); } catch (ORM_Validation_Exception $e) { - $this->assert_same(array("type" => "read_only"), $e->validation->errors()); + $this->assert_same( + array("name" => "illegal_data_file_extension", "type" => "read_only"), + $e->validation->errors()); + return; // pass + } + $this->assert_true(false, "Shouldn't get here"); + } + + public function photo_files_must_have_an_extension_test() { + try { + $photo = test::random_photo_unsaved(); + $photo->mime_type = "image/jpeg"; + $photo->name = "no_extension"; + $photo->save(); + } catch (ORM_Validation_Exception $e) { + $this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors()); + return; // pass + } + $this->assert_true(false, "Shouldn't get here"); + } + + public function movie_files_must_have_an_extension_test() { + try { + $movie = test::random_photo_unsaved(); + $movie->type = "movie"; + $movie->mime_type = "video/x-flv"; + $movie->name = "no_extension"; + $movie->save(); + } catch (ORM_Validation_Exception $e) { + $this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors()); return; // pass } $this->assert_true(false, "Shouldn't get here"); @@ -421,7 +450,8 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $photo->set_data_file(MODPATH . "gallery/tests/Item_Model_Test.php"); $photo->save(); } catch (ORM_Validation_Exception $e) { - $this->assert_same(array("mime_type" => "invalid"), $e->validation->errors()); + $this->assert_same(array("mime_type" => "invalid", "name" => "illegal_data_file_extension"), + $e->validation->errors()); return; // pass } $this->assert_true(false, "Shouldn't get here"); 
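Review bot: `assert_same` on the whole `$e->validation->errors()` array, in this hunk and in the `@@ -333` hunk above, ties the tests to the order in which the model adds its errors: if `assert_same` compares with `===` (which is what its name suggests), PHP requires identical key order for arrays, so reordering the checks in `Item_Model_Core` would fail these tests without any behavioural change. Asserting per key avoids that, e.g. `$errors = $e->validation->errors();` followed by `$this->assert_same("illegal_data_file_extension", $errors["name"]);`, or use `assert_equal` as the new `cant_rename_to_illegal_extension_test` later in this commit does. Whichever is chosen, the file should use one form consistently.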
@@ -473,4 +503,20 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $this->assert_true(false, "Shouldn't get here"); } } + + public function cant_rename_to_illegal_extension_test() { + foreach (array("test.php.test", "test.php", "test.PHP", + "test.php5", "test.php4", "test.pl") as $name) { + try { + $photo = test::random_photo(item::root()); + $photo->name = $name; + $photo->save(); + } catch (ORM_Validation_Exception $e) { + $this->assert_equal(array("name" => "illegal_data_file_extension"), + $e->validation->errors()); + continue; + } + $this->assert_true(false, "Shouldn't get here"); + } + } } -- cgit v1.2.3 From d5a445b7797a8f46a171bb94f3fd9d48d95494e1 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 5 May 2012 19:19:04 -0700 Subject: Improve the dimensions-detecting regex, thanks to cchiappa. Fixes #1844. --- modules/gallery/helpers/movie.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php index 79b5a7c2..b54811df 100644 --- a/modules/gallery/helpers/movie.php +++ b/modules/gallery/helpers/movie.php @@ -106,7 +106,7 @@ class movie_Core { $cmd = escapeshellcmd($ffmpeg) . " -i " . escapeshellarg($file_path) . " 2>&1"; $result = `$cmd`; - if (preg_match("/Stream.*?Video:.*?(\d+)x(\d+)/", $result, $regs)) { + if (preg_match("/Stream.*?Video:.*?, (\d+)x(\d+)/", $result, $regs)) { list ($width, $height) = array($regs[1], $regs[2]); } else { list ($width, $height) = array(0, 0); -- cgit v1.2.3 From ef4dbd18af218a3c68a776122108af4b0d0191a4 Mon Sep 17 00:00:00 2001 
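Review bot: `cant_rename_to_illegal_extension_test` uses `assert_equal` for the `errors()` comparison while every sibling test in this file uses `assert_same`; pick one, e.g. `$this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors());`, so a reader does not wonder whether the looser comparison is deliberate. The mixed-case entries in the data list (`"test.PHP"`) are the only coverage of the model's `strtolower` before the extension lookup, which deserves a comment such as `// "test.PHP" exercises the case folding in the model's extension check`.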
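Review bot: The new pattern `"/Stream.*?Video:.*?, (\d+)x(\d+)/"` fixes the match by requiring a `, ` immediately before the dimensions, but nothing in the hunk records why; presumably the old `.*?(\d+)x(\d+)` could latch onto an earlier `<digits>x<digits>` token on the ffmpeg stream line (a hex codec tag, for instance) before reaching the frame size. Add a comment so the next maintainer does not "simplify" it back, e.g. `// The ", " prefix skips other <n>x<n> tokens on the stream line (e.g. hex codec tags) so the capture is the frame size`. The `else` branch still falls back to `0x0` silently; logging the unparsed `$result` at debug level would make future ffmpeg output changes diagnosable. The enclosing function extends beyond the hunk.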
From: Bharat Mediratta Date: Sat, 5 May 2012 19:34:01 -0700 Subject: Fix extension-swapping code for files that have extensions that are not 3 characters long. Fixes #1845. --- modules/gallery/helpers/graphics.php | 2 +- modules/gallery/helpers/legal_file.php | 12 +++++++++ modules/gallery/models/item.php | 4 +-- modules/gallery/tests/Legal_File_Helper_Test.php | 32 ++++++++++++++++++++++++ 4 files changed, 47 insertions(+), 3 deletions(-) create mode 100644 modules/gallery/tests/Legal_File_Helper_Test.php (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index 7e0bbbea..27ee124a 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -156,7 +156,7 @@ class graphics_Core { foreach ($ops as $target => $output_file) { if ($input_item->is_movie()) { // Convert the movie to a JPG first - $output_file = preg_replace("/...$/", "jpg", $output_file); + $output_file = legal_file::change_extension($output_file, "jpg"); try { movie::extract_frame($input_file, $output_file); } catch (Exception $e) { diff --git a/modules/gallery/helpers/legal_file.php b/modules/gallery/helpers/legal_file.php index 6ec65e97..af6472ca 100644 --- a/modules/gallery/helpers/legal_file.php +++ b/modules/gallery/helpers/legal_file.php @@ -80,4 +80,16 @@ class legal_file_Core { module::event("legal_movie_types", $types_wrapper); return $types_wrapper->types; } + + /** + * Convert the extension of a filename. If the original filename has no + * extension, add the new one to the end. + */ + static function change_extension($filename, $new_ext) { + if (strpos($filename, ".") === false) { + return "{$filename}.{$new_ext}"; + } else { + return preg_replace("/\..*?$/", ".{$new_ext}", $filename); + } + } } diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 0e3f0fb8..98a2c4df 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php 
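Review bot: `change_extension` operates on the whole string, so a dot anywhere in a directory component is treated as the extension: `strpos($filename, ".")` finds it and `preg_replace("/\..*?$/", ...)` replaces from the first dot to the end, turning `dir.v2/movie` into `dir.jpg` and `foo.tar.gz` into `foo.jpg`. The two item.php call sites in this commit pass a path (`$base`, which the album branch joins with `"/.album.jpg"`), so dotted directory names can reach this code, and the new Legal_File_Helper_Test only exercises bare basenames. Restricting the match to the final extension of the last path component fixes this, with the side effect that `foo.tar.gz` becomes `foo.tar.jpg`; a test such as `legal_file::change_extension("a.b/foo.mpeg", "flv")` expecting `"a.b/foo.flv"` should accompany it.
```php
  static function change_extension($filename, $new_ext) {
    // Only the final extension of the last path component is swapped, so
    // dots in directory names (or earlier dots in the basename) are kept.
    $last_ext = '/\.[^.\/]*$/';
    if (!preg_match($last_ext, $filename)) {
      return "{$filename}.{$new_ext}";
    }
    return preg_replace($last_ext, ".{$new_ext}", $filename);
  }
```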
@@ -188,7 +188,7 @@ class Item_Model_Core extends ORM_MPTT { return $base . "/.album.jpg"; } else if ($this->is_movie()) { // Replace the extension with jpg - return preg_replace("/...$/", "jpg", $base); + return legal_file::change_extension($base, "jpg"); } } @@ -213,7 +213,7 @@ class Item_Model_Core extends ORM_MPTT { return $base . "/.album.jpg" . $cache_buster; } else if ($this->is_movie()) { // Replace the extension with jpg - $base = preg_replace("/...$/", "jpg", $base); + $base = legal_file::change_extension($base, "jpg"); return $base . $cache_buster; } } diff --git a/modules/gallery/tests/Legal_File_Helper_Test.php b/modules/gallery/tests/Legal_File_Helper_Test.php new file mode 100644 index 00000000..c101de10 --- /dev/null +++ b/modules/gallery/tests/Legal_File_Helper_Test.php @@ -0,0 +1,32 @@ +assert_equal("foo.jpg", legal_file::change_extension("foo.png", "jpg")); + } + + public function change_four_letter_extension_test() { + $this->assert_equal("foo.flv", legal_file::change_extension("foo.mpeg", "flv")); + } + + public function change_extension_with_no_extension_test() { + $this->assert_equal("foo.flv", legal_file::change_extension("foo", "flv")); + } +} \ No newline at end of file -- cgit v1.2.3 From 916f5c7d3b6d3b57255e760949c78f0dbc2abf92 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 5 May 2012 19:55:29 -0700 Subject: Clean up message to preserve page formatting. Fixes #1848. --- modules/gallery/views/error_admin.html.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery') diff --git a/modules/gallery/views/error_admin.html.php b/modules/gallery/views/error_admin.html.php index af78c59c..a391746e 100644 --- a/modules/gallery/views/error_admin.html.php +++ b/modules/gallery/views/error_admin.html.php @@ -184,7 +184,7 @@ [ ]: - +
-- cgit v1.2.3 From fd152956426f93c4b5231f89f9c6375a2d4dda4a Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 5 May 2012 21:09:30 -0700 Subject: Clean up comments. --- modules/gallery/controllers/items.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/controllers/items.php b/modules/gallery/controllers/items.php index 0c20803c..318fb431 100644 --- a/modules/gallery/controllers/items.php +++ b/modules/gallery/controllers/items.php @@ -24,15 +24,15 @@ class Items_Controller extends Controller { throw new Kohana_404_Exception(); } - // Redirect to the more specific resource type, since it will render - // differently. We can't delegate here because we may have gotten to this - // page via /items/ which means that we don't have a type-specific controller. Also, we - // want to drive a single canonical resource mapping where possible. + // Redirect to the more specific resource type, since it will render differently. We can't + // delegate here because we may have gotten to this page via /items/ which means that we + // don't have a type-specific controller. Also, we want to drive a single canonical resource + // mapping where possible. access::required("view", $item); url::redirect($item->abs_url()); } - // Return the width/height dimensinons for the given item + // Return the width/height dimensions for the given item public function dimensions($id) { $item = ORM::factory("item", $id); access::required("view", $item); -- cgit v1.2.3 From 3fe3c09ec31b46b1ed57f4d92074dbf3caa4b294 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 6 May 2012 09:44:12 -0700 Subject: Use html::anchor consistently. Fixes #1851. --- modules/gallery/helpers/gallery_event.php | 4 ++-- modules/info/helpers/info_block.php | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'modules/gallery') 
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index db087588..781775b0 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -549,8 +549,8 @@ class gallery_event_Core { $value = $data->user->$field; if ($field == "locale") { $value = locales::display_name($value); - } elseif ($field == "url") { - $value = html::mark_clean(html::anchor($data->user->$field)); + } else if ($field == "url") { + $value = html::mark_clean(html::anchor(html::clean($data->user->$field))); } $v->user_profile_data[(string) $label] = $value; } diff --git a/modules/info/helpers/info_block.php b/modules/info/helpers/info_block.php index c4470dbe..3dcfa338 100644 --- a/modules/info/helpers/info_block.php +++ b/modules/info/helpers/info_block.php @@ -60,8 +60,9 @@ class info_block_Core { if ($theme->item->owner->url) { $info["owner"] = array( "label" => t("Owner:"), - "value" => "item->owner->url}\">" . - html::clean($display_name) . "" + "value" => html::anchor( + html::clean($theme->item->owner->url), + html::clean($display_name)) ); } else { $info["owner"] = array( -- cgit v1.2.3 From e722e5d5d4fbd8a70cc67c4d545390120ed00608 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 7 May 2012 11:38:51 -0700 Subject: Fix missing date.timezone which results in a crash on startup in I18n code. Fill in missing field and log it 25% of the time. Fixes #1853. --- index.php | 6 ++++++ modules/gallery/helpers/gallery_event.php | 8 ++++++++ 2 files changed, 14 insertions(+) (limited to 'modules/gallery') diff --git a/index.php b/index.php index 6e3ee4d4..689c0770 100644 --- a/index.php +++ b/index.php 
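Review bot: Passing the user-entered URL through `html::clean()` before `html::anchor()` escapes it for the HTML attribute context, but escaping does not constrain the URL scheme; unless `html::anchor` itself restricts schemes (not visible here), a profile `url` with an arbitrary scheme is still rendered as a clickable link. Validating the scheme where the `url` field is saved, or before the anchor is built, is the complementary control, and the same applies to the info_block.php hunk in this commit that builds the owner link the same way. Worth a short comment at both sites, e.g. `// html::clean escapes for the attribute context only; the scheme is not validated here`, so the responsibility is explicit.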
@@ -24,6 +24,12 @@ define("IN_PRODUCTION", true); version_compare(PHP_VERSION, "5.2.3", "<") and exit("Gallery requires PHP 5.2.3 or newer (you're using " . PHP_VERSION . ")"); +// PHP 5.4 requires a timezone - if one isn't set date functions aren't going to work properly. +// We'll log this once the logging system is initialized (in the gallery_event::gallery_ready). +if (!ini_get("date.timezone")) { + ini_set("date.timezone", "UTC"); +} + // Gallery requires short_tags to be on !ini_get("short_open_tag") and exit("Gallery requires short_open_tag to be on."); diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 781775b0..6225633f 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -23,6 +23,14 @@ class gallery_event_Core { * Initialization. */ static function gallery_ready() { + if (!get_cfg_var("date.timezone")) { + if (!(rand() % 4)) { + Kohana_Log::add("error", "date.timezone setting not detected in " . + get_cfg_var("cfg_file_path") . " falling back to UTC. " . + "Consult http://php.net/manual/function.get-cfg-var.php for help."); + } + } + identity::load_user(); theme::load_themes(); locales::set_request_locale(); -- cgit v1.2.3 From a23fed4ce1331ebd15530a66b51933eec8edb6a8 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 7 May 2012 11:55:23 -0700 Subject: Improve IdentityProvider switching code, patch thanks to Reklov Nesalk. Fixes #1834. --- modules/gallery/libraries/IdentityProvider.php | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'modules/gallery') diff --git a/modules/gallery/libraries/IdentityProvider.php b/modules/gallery/libraries/IdentityProvider.php index 66c68dad..c9e8688f 100644 --- a/modules/gallery/libraries/IdentityProvider.php +++ b/modules/gallery/libraries/IdentityProvider.php 
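Review bot: `gallery_ready` decides whether to log by re-deriving the condition from `get_cfg_var("date.timezone")`, while the fallback in the index.php hunk keyed off `ini_get("date.timezone")`; the two can disagree (a timezone set through a web-server or SAPI override rather than the ini file is visible to `ini_get` but not to `get_cfg_var`), so the "falling back to UTC" message can be logged when no fallback happened. Recording the outcome once in index.php, e.g. a constant defined next to the `ini_set`, and testing that constant in `gallery_ready` keeps the message truthful. The `rand() % 4` sampling is fine for keeping the log readable but is invisible in intent; a one-line comment such as `// Log roughly 25% of the time so a missing setting does not flood the error log` would help. The enclosing `gallery_ready` continues past the hunk.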
@@ -85,6 +85,10 @@ class IdentityProvider_Core { call_user_func("{$new_provider}_installer::initialize"); } + if (!$provider->admin_user()) { + throw new Exception("IdentityProvider $new_provider: Couldn't find the admin user!"); + } + module::event("identity_provider_changed", $current_provider, $new_provider); identity::set_active_user($provider->admin_user()); @@ -100,7 +104,12 @@ class IdentityProvider_Core { // Make sure new provider is not in the database try { module::uninstall($new_provider); + } catch (Exception $e2) { + Kohana_Log::add("error", "Error uninstalling failed new provider\n" . + $e2->getMessage() . "\n" . $e2->getTraceAsString()); + } + try { // Lets reset to the current provider so that the gallery installation is still // working. module::set_var("gallery", "identity_provider", null); -- cgit v1.2.3 From 2a4903c0e724adadf0a7f1cf97c147595914bf51 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 7 May 2012 21:17:51 -0700 Subject: Fix typo in call to Kohana_Exception::getMessage, thanks to Serge. Fixes #1780. --- modules/gallery/helpers/gallery_graphics.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/gallery_graphics.php b/modules/gallery/helpers/gallery_graphics.php index 02f628a1..d2b92c87 100644 --- a/modules/gallery/helpers/gallery_graphics.php +++ b/modules/gallery/helpers/gallery_graphics.php @@ -126,7 +126,7 @@ class gallery_graphics_Core { module::event("graphics_composite_completed", $input_file, $output_file, $options, $item); } catch (ErrorException $e) { - Kohana_Log::add("error", $e->get_message()); + Kohana_Log::add("error", $e->getMessage()); } } } -- cgit v1.2.3 From a563dcdfb32d34d4cd22c5c75fa7f02f7b7b08d9 Mon Sep 17 00:00:00 2001 
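Review bot: `$provider->admin_user()` is now called twice in a row, once in the new guard and again two lines later in `identity::set_active_user($provider->admin_user())`. Capture it once, `$admin_user = $provider->admin_user();`, `if (!$admin_user) { throw new Exception("IdentityProvider $new_provider: Couldn't find the admin user!"); }`, `identity::set_active_user($admin_user);`, which also guarantees the user that was checked is the one activated if the lookup is not idempotent. The throw presumably lands in the catch block whose rollback the second hunk of this file extends; a comment such as `// Caught below: the handler uninstalls the new provider and restores the previous one` would make that control flow visible. The enclosing method starts before and ends after the hunk.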
From: Bharat Mediratta Date: Mon, 7 May 2012 21:40:43 -0700 Subject: Convert the missing movie placeholder over to a JPG for consistency. Fixes #1828. --- modules/gallery/helpers/graphics.php | 2 +- modules/gallery/images/missing_movie.jpg | Bin 0 -> 3428 bytes modules/gallery/images/missing_movie.png | Bin 8474 -> 0 bytes 3 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 modules/gallery/images/missing_movie.jpg delete mode 100644 modules/gallery/images/missing_movie.png (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index 27ee124a..c19fbe6d 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -161,7 +161,7 @@ class graphics_Core { movie::extract_frame($input_file, $output_file); } catch (Exception $e) { // Assuming this is MISSING_FFMPEG for now - copy(MODPATH . "gallery/images/missing_movie.png", $output_file); + copy(MODPATH . "gallery/images/missing_movie.jpg", $output_file); } $working_file = $output_file; } else { diff --git a/modules/gallery/images/missing_movie.jpg b/modules/gallery/images/missing_movie.jpg new file mode 100644 index 00000000..452db225 Binary files /dev/null and b/modules/gallery/images/missing_movie.jpg differ diff --git a/modules/gallery/images/missing_movie.png b/modules/gallery/images/missing_movie.png deleted file mode 100644 index fdc97779..00000000 Binary files a/modules/gallery/images/missing_movie.png and /dev/null differ -- cgit v1.2.3 From b512734b9d202807eb7fbc2830f37a1c867c790a Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 8 May 2012 18:23:09 -0700 Subject: Close all buffers, not just the ones that Kohana opened. Fixes #1821, thanks to pvalsecc. --- modules/gallery/controllers/file_proxy.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'modules/gallery') 
diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index 5c958a8d..36c6bc2a 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php @@ -122,7 +122,15 @@ class File_Proxy_Controller extends Controller { } else { header("Content-Type: $item->mime_type"); } - Kohana::close_buffers(false); + + // Don't use Kohana::close_buffers(false) here because that only closes all the buffers + // that Kohana started. We want to close *all* buffers at this point because otherwise we're + // going to buffer up whatever file we're proxying (and it may be very large). This may + // affect embedding or systems with PHP's output_buffering enabled. + while (ob_get_level()) { + ob_end_clean(); + } + readfile($file); } } -- cgit v1.2.3 From 34ac1a466d1ad9e1ba23bf9b7265c6b2b2376ad9 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 11 May 2012 15:12:30 -0700 Subject: Verify that theme names are well formed. Fixes #1856. --- modules/gallery/libraries/Admin_View.php | 7 ++++++- modules/gallery/libraries/Theme_View.php | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) (limited to 'modules/gallery') diff --git a/modules/gallery/libraries/Admin_View.php b/modules/gallery/libraries/Admin_View.php index fcfe7aa2..66b8c20c 100644 --- a/modules/gallery/libraries/Admin_View.php +++ b/modules/gallery/libraries/Admin_View.php @@ -31,7 +31,12 @@ class Admin_View_Core extends Gallery_View { $this->theme_name = module::get_var("gallery", "active_admin_theme"); if (identity::active_user()->admin) { - $this->theme_name = Input::instance()->get("theme", $this->theme_name); + $theme_name = Input::instance()->get("theme"); + if ($theme_name && + file_exists(THEMEPATH . $theme_name) && + strpos(realpath(THEMEPATH . $theme_name), THEMEPATH) == 0) { + $this->theme_name = $theme_name; + } } $this->sidebar = ""; $this->set_global(array("theme" => $this, 
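Review bot: The `while (ob_get_level()) { ob_end_clean(); }` loop never terminates if a buffer cannot be removed: `ob_end_clean()` returns false for a buffer started without the removable flag, `ob_get_level()` stays unchanged, and the request spins. Break out when the call fails, e.g. `while (ob_get_level()) { if (!ob_end_clean()) { break; } }`, optionally falling back to `Kohana::close_buffers(false)` for whatever remains. The comment explaining why the Kohana helper is not used is good and should stay. The enclosing method starts before the hunk.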
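Review bot: The containment check `strpos(realpath(THEMEPATH . $theme_name), THEMEPATH) == 0` uses loose comparison, and `strpos` returns `false` when the resolved path does not start with THEMEPATH; since `false == 0` is true in PHP, the one case the check exists to reject is accepted. Use strict comparison, `strpos(realpath(THEMEPATH . $theme_name), THEMEPATH) === 0`, here and in the identical hunk in Theme_View.php in this commit. Two further points: if THEMEPATH has no trailing directory separator the prefix test also admits sibling directories whose name merely begins with the themes directory name, and the duplicated five-line check would be better as one shared helper (for example on the `Gallery_View` base class both constructors extend) so the two sites cannot drift apart.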
diff --git a/modules/gallery/libraries/Theme_View.php b/modules/gallery/libraries/Theme_View.php index 031da6de..78b74cde 100644 --- a/modules/gallery/libraries/Theme_View.php +++ b/modules/gallery/libraries/Theme_View.php @@ -33,7 +33,12 @@ class Theme_View_Core extends Gallery_View { $this->theme_name = module::get_var("gallery", "active_site_theme"); if (identity::active_user()->admin) { - $this->theme_name = Input::instance()->get("theme", $this->theme_name); + $theme_name = Input::instance()->get("theme"); + if ($theme_name && + file_exists(THEMEPATH . $theme_name) && + strpos(realpath(THEMEPATH . $theme_name), THEMEPATH) == 0) { + $this->theme_name = $theme_name; + } } $this->item = null; $this->tag = null; -- cgit v1.2.3 From 5d9e71741754809ebe5f543eb874634e6fc8cc9d Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 11 May 2012 17:14:41 -0700 Subject: Sort modules by visible name, not id. Fixes #1859. --- modules/gallery/helpers/module.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'modules/gallery') diff --git a/modules/gallery/helpers/module.php b/modules/gallery/helpers/module.php index 3368e39b..7292b106 100644 --- a/modules/gallery/helpers/module.php +++ b/modules/gallery/helpers/module.php @@ -109,7 +109,11 @@ class module_Core { $modules->gallery->locked = true; $identity_module = module::get_var("gallery", "identity_provider", "user"); $modules->$identity_module->locked = true; - $modules->ksort(); + + function natural_name_sort($a, $b) { + return strnatcasecmp($a->name, $b->name); + } + $modules->uasort('natural_name_sort'); self::$available = $modules; } -- cgit v1.2.3
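Review bot: `natural_name_sort` is declared as a named function inside a method body, so it becomes a global function the first time this code runs and PHP raises a fatal redeclaration error if the method executes again in the same request (the assignment to `self::$available` suggests the result is cached, which would hide this most of the time but not if the cache is reset). The file elsewhere targets PHP 5.2 (index.php exits below 5.2.3), so a closure is not available; make it a static method, `static function natural_name_sort($a, $b) { return strnatcasecmp($a->name, $b->name); }`, and call `$modules->uasort(array("module", "natural_name_sort"));`, or at minimum guard the declaration with `if (!function_exists("natural_name_sort"))`. The enclosing method continues outside the hunk.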