From d45a73777935c86fc5131955831833d7465b5e9d Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 21 Jan 2013 01:22:01 -0500 Subject: Update copyright to 2013. Fixes #1953.
---
 modules/watermark/controllers/admin_watermarks.php | 2 +- modules/watermark/helpers/watermark.php | 2 +- modules/watermark/helpers/watermark_event.php | 2 +- modules/watermark/helpers/watermark_installer.php | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) (limited to 'modules/watermark')
diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php
index a80f82a9..0e6e214b 100644
--- a/modules/watermark/controllers/admin_watermarks.php
+++ b/modules/watermark/controllers/admin_watermarks.php
@@ -1,7 +1,7 @@ Date: Tue, 22 Jan 2013 18:39:24 -0500 Subject: gallery.menalto.com -> galleryproject.org codex.gallery2.org -> codex.galleryproject.org Fixes #1957. --- README | 12 ++++++------ index.php | 2 +- installer/cli.php | 4 ++-- installer/views/install.html.php | 4 ++-- modules/akismet/module.info | 6 +++--- modules/comment/module.info | 6 +++--- modules/digibug/module.info | 6 +++--- modules/exif/module.info | 6 +++--- modules/g2_import/module.info | 6 +++--- modules/gallery/helpers/gallery_block.php | 2 +- modules/gallery/helpers/gallery_theme.php | 2 +- modules/gallery/helpers/graphics.php | 2 +- modules/gallery/helpers/l10n_client.php | 2 +- modules/gallery/helpers/upgrade_checker.php | 2 +- modules/gallery/module.info | 6 +++--- modules/gallery/views/admin_graphics.html.php | 2 +- modules/gallery/views/admin_languages.html.php | 2 +- modules/gallery/views/admin_modules.html.php | 2 +- modules/gallery/views/admin_themes.html.php | 6 +++--- modules/gallery/views/error_admin.html.php | 2 +- modules/gallery/views/form_uploadify.html.php | 4 ++-- modules/gallery/views/upgrader.html.php | 4 ++-- modules/gallery/views/welcome_message.html.php | 4 ++-- modules/image_block/module.info | 6 +++--- modules/info/module.info | 6 +++--- modules/notification/module.info | 6 +++--- modules/organize/module.info | 6 +++--- modules/recaptcha/module.info | 6 +++--- modules/rest/module.info | 6 +++--- modules/rss/module.info | 6 +++--- modules/search/module.info | 6 +++--- modules/server_add/module.info | 6 +++--- modules/slideshow/module.info | 6 +++--- modules/tag/module.info | 6 +++--- modules/user/module.info | 6 +++--- modules/watermark/module.info | 6 +++--- themes/admin_wind/theme.info | 6 +++--- themes/wind/theme.info | 6 +++--- 38 files changed, 92 insertions(+), 92 deletions(-) (limited to 'modules/watermark') diff --git a/README b/README index 11256921..b50186d2 100644 --- a/README +++ b/README 
@@ -15,14 +15,14 @@ welcome theme and module developers to play with this release and start turning out slick new designs for our happy users. If you have questions or problems, you can get help in the Gallery forums: - http://gallery.menalto.com/forum/96 + http://galleryproject.org/forum/96 SECURITY: We've contracted a professional security audit, received their results and resolved all the issues they found. -Did you find a security flaw? Please email security@gallery.menalto.com +Did you find a security flaw? Please email security@galleryproject.org with the details and we'll fix it ASAP! @@ -34,12 +34,12 @@ SUPPORTED CONFIGURATION: - Database: MySQL 5 and newer. For complete system requirements, please refer to: - http://codex.gallery2.org/Gallery3:Requirements + http://codex.galleryproject.org/Gallery3:Requirements INSTALLING AND UPGRADING INSTRUCTIONS: For comprehensive instructions, The online User Guide is your best resource: - http://codex.gallery2.org/Gallery3:User_guide + http://codex.galleryproject.org/Gallery3:User_guide There are also simple instructions below. NOTE: You can upgrade from beta 1 and beyond, but not from alpha releases. @@ -68,7 +68,7 @@ and log in with your SourceForge username and password, then click the QUESTIONS, PROBLEMS: - - Check out the gallery3 FAQ http://codex.gallery2.org/Gallery3:FAQ - - Post to the Gallery 3 forums: http://gallery.menalto.com/forum/96 + - Check out the gallery3 FAQ http://codex.galleryproject.org/Gallery3:FAQ + - Post to the Gallery 3 forums: http://galleryproject.org/forum/96 - Email gallery-devel@lists.sourceforge.net diff --git a/index.php b/index.php index 763cfbbd..9ff8e3b4 100644 --- a/index.php +++ b/index.php 
@@ -39,7 +39,7 @@ if (!ini_get("date.timezone")) { !ini_get("short_open_tag") and exit("Gallery requires short_open_tag to be on."); // Suppress errors. For information on how to debug Gallery 3, see: -// http://codex.gallery2.org/Gallery3:FAQ#How_do_I_see_debug_information.3F +// http://codex.galleryproject.org/Gallery3:FAQ#How_do_I_see_debug_information.3F error_reporting(0); // Disabling display_errors will effectively disable Kohana error display diff --git a/installer/cli.php b/installer/cli.php index 93699ba9..f5a9e260 100644 --- a/installer/cli.php +++ b/installer/cli.php @@ -78,8 +78,8 @@ function oops($message) { print "==> " . $message; print "\n"; print "For help you can try:\n"; - print " * The Gallery 3 FAQ - http://codex.gallery2.org/Gallery3:FAQ\n"; - print " * The Gallery Forums - http://gallery.menalto.com/forum\n"; + print " * The Gallery 3 FAQ - http://codex.galleryproject.org/Gallery3:FAQ\n"; + print " * The Gallery Forums - http://galleryproject.org/forum\n"; print "\n\n** INSTALLATION FAILED **\n"; exit(1); } diff --git a/installer/views/install.html.php b/installer/views/install.html.php index a0eddaf3..7a30561a 100644 --- a/installer/views/install.html.php +++ b/installer/views/install.html.php @@ -13,9 +13,9 @@ diff --git a/modules/akismet/module.info b/modules/akismet/module.info index 63473468..263b7b82 100644 --- a/modules/akismet/module.info +++ b/modules/akismet/module.info 
@@ -2,6 +2,6 @@ name = "Akismet"
 description = "Filter comments through the Akismet web service to detect and eliminate spam (http://akismet.com). You'll need a WordPress.com API key to use it."
 version = 1
 author_name = "Gallery Team"
-author_url = "http://codex.gallery2.org/Gallery:Team"
-info_url = "http://codex.gallery2.org/Gallery3:Modules:akismet"
-discuss_url = "http://gallery.menalto.com/forum_module_akismet"
+author_url = "http://codex.galleryproject.org/Gallery:Team"
+info_url = "http://codex.galleryproject.org/Gallery3:Modules:akismet"
+discuss_url = "http://galleryproject.org/forum_module_akismet"
diff --git a/modules/comment/module.info b/modules/comment/module.info
index 97e8a73b..b69379fa 100644
--- a/modules/comment/module.info
+++ b/modules/comment/module.info
@@ -2,6 +2,6 @@ name = "Comments"
 description = "Allows users and guests to leave comments on photos and albums."
 version = 7
 author_name = "Gallery Team"
-author_url = "http://codex.gallery2.org/Gallery:Team"
-info_url = "http://codex.gallery2.org/Gallery3:Modules:comment"
-discuss_url = "http://gallery.menalto.com/forum_module_comment"
+author_url = "http://codex.galleryproject.org/Gallery:Team"
+info_url = "http://codex.galleryproject.org/Gallery3:Modules:comment"
+discuss_url = "http://galleryproject.org/forum_module_comment"
diff --git a/modules/digibug/module.info b/modules/digibug/module.info
index 781d5f01..5e5ca10f 100644
--- a/modules/digibug/module.info
+++ b/modules/digibug/module.info
@@ -2,6 +2,6 @@ name = "Digibug"
 description = "Digibug Photo Printing Module"
 version = 2
 author_name = "Gallery Team"
-author_url = "http://codex.gallery2.org/Gallery:Team"
-info_url = "http://codex.gallery2.org/Gallery3:Modules:digibug"
-discuss_url = "http://gallery.menalto.com/forum_module_digibug"
+author_url = "http://codex.galleryproject.org/Gallery:Team"
+info_url = "http://codex.galleryproject.org/Gallery3:Modules:digibug"
+discuss_url = "http://galleryproject.org/forum_module_digibug"
diff --git a/modules/exif/module.info b/modules/exif/module.info
index e266e20e..9bbda957 100644
--- a/modules/exif/module.info
+++ b/modules/exif/module.info
@@ -2,6 +2,6 @@ name = "Exif Data"
 description = "Extract Exif data and display it on photo pages."
 version = 1
 author_name = "Gallery Team"
-author_url = "http://codex.gallery2.org/Gallery:Team"
-info_url = "http://codex.gallery2.org/Gallery3:Modules:exif"
-discuss_url = "http://gallery.menalto.com/forum_module_exif"
+author_url = "http://codex.galleryproject.org/Gallery:Team"
+info_url = "http://codex.galleryproject.org/Gallery3:Modules:exif"
+discuss_url = "http://galleryproject.org/forum_module_exif"
diff --git a/modules/g2_import/module.info b/modules/g2_import/module.info
index 6b03d097..32af27d0 100644
--- a/modules/g2_import/module.info
+++ b/modules/g2_import/module.info
@@ -2,6 +2,6 @@ name = "Gallery 2 Import"
 description = "Import your Gallery 2 content into Gallery 3"
 version = 2
 author_name = "Gallery Team"
-author_url = "http://codex.gallery2.org/Gallery:Team"
-info_url = "http://codex.gallery2.org/Gallery3:Modules:g2_import"
-discuss_url = "http://gallery.menalto.com/forum_module_g2_import"
+author_url = "http://codex.galleryproject.org/Gallery:Team"
+info_url = "http://codex.galleryproject.org/Gallery3:Modules:g2_import"
+discuss_url = "http://galleryproject.org/forum_module_g2_import"
diff --git a/modules/gallery/helpers/gallery_block.php b/modules/gallery/helpers/gallery_block.php
index 5ab811de..5ac4d74d 100644
--- a/modules/gallery/helpers/gallery_block.php
+++ b/modules/gallery/helpers/gallery_block.php
@@ -78,7 +78,7 @@ class gallery_block_Core {
 $block->css_id = "g-project-news";
 $block->title = t("Gallery project news");
 $block->content = new View("admin_block_news.html");
- $block->content->feed = feed::parse("http://gallery.menalto.com/node/feed", 3);
+ $block->content->feed = feed::parse("http://galleryproject.org/node/feed", 3);
 break;
 case "block_adder":
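Review bot: The project news feed is still fetched over cleartext `http://` in `feed::parse("http://galleryproject.org/node/feed", 3)` and then handed to the `admin_block_news.html` view, so nothing authenticates that content in transit before it reaches an admin block. The same holds for `_server_url()` in l10n_client.php and `upgrade_checker_Core::CHECK_URL` later in this commit, which presumably drive the translation exchange and the upgrade notice. If the new host serves TLS (not visible from this diff), all three would be better as `https://galleryproject.org/...`. Either way, the code consuming these responses should treat them as untrusted and escape them on output; how the view renders the feed is not shown here. The `case` body continues outside the hunk.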
diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php index e592db53..f94b9ecd 100644 --- a/modules/gallery/helpers/gallery_theme.php +++ b/modules/gallery/helpers/gallery_theme.php @@ -134,7 +134,7 @@ class gallery_theme_Core { 'Gallery ' . gallery::version_string() . ''); return "
  • " . t(module::get_var("gallery", "credits"), - array("url" => "http://gallery.menalto.com", + array("url" => "http://galleryproject.org", "gallery_version" => $version_string)) . "
  • "; }
diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php
index b8735120..51437d4b 100644
--- a/modules/gallery/helpers/graphics.php
+++ b/modules/gallery/helpers/graphics.php
@@ -124,7 +124,7 @@ class graphics_Core {
 // don't do this, the album may be permanently marked as "needs rebuilding"
 //
 // ref: http://sourceforge.net/apps/trac/gallery/ticket/1172
- // http://gallery.menalto.com/node/96926
+ // http://galleryproject.org/node/96926
 if ($item->album_cover_item_id) {
 $item->album_cover_item_id = null;
 $item->save();
diff --git a/modules/gallery/helpers/l10n_client.php b/modules/gallery/helpers/l10n_client.php
index 5954865d..2a1be2f9 100644
--- a/modules/gallery/helpers/l10n_client.php
+++ b/modules/gallery/helpers/l10n_client.php
@@ -21,7 +21,7 @@ class l10n_client_Core { private static function _server_url($path) {
- return "http://gallery.menalto.com/translations/$path";
+ return "http://galleryproject.org/translations/$path";
 }
 static function server_api_key_url() {
diff --git a/modules/gallery/helpers/upgrade_checker.php b/modules/gallery/helpers/upgrade_checker.php
index 5059e619..492f72e9 100644
--- a/modules/gallery/helpers/upgrade_checker.php
+++ b/modules/gallery/helpers/upgrade_checker.php
@@ -18,7 +18,7 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class upgrade_checker_Core {
- const CHECK_URL = "http://gallery.menalto.com/versioncheck/gallery3";
+ const CHECK_URL = "http://galleryproject.org/versioncheck/gallery3";
 const AUTO_CHECK_INTERVAL = 604800; // 7 days in seconds
 /**
diff --git a/modules/gallery/module.info b/modules/gallery/module.info
index 64cad0a7..566ca2eb 100644
--- a/modules/gallery/module.info
+++ b/modules/gallery/module.info
@@ -2,6 +2,6 @@ name = "Gallery 3" description = "Gallery core application" version = 53 author_name = "Gallery Team" -author_url = "http://codex.gallery2.org/Gallery:Team" -info_url = "http://codex.gallery2.org/Gallery3:Modules:gallery" -discuss_url = "http://gallery.menalto.com/forum_module_gallery" +author_url = "http://codex.galleryproject.org/Gallery:Team" +info_url = "http://codex.galleryproject.org/Gallery3:Modules:gallery" +discuss_url = "http://galleryproject.org/forum_module_gallery" diff --git a/modules/gallery/views/admin_graphics.html.php b/modules/gallery/views/admin_graphics.html.php index ae76f1e1..1f45bb14 100644 --- a/modules/gallery/views/admin_graphics.html.php +++ b/modules/gallery/views/admin_graphics.html.php @@ -16,7 +16,7 @@

    - We can help!", array("url" => "http://codex.gallery2.org/Gallery3:Choosing_A_Graphics_Toolkit")) ?> + We can help!", array("url" => "http://codex.galleryproject.org/Gallery3:Choosing_A_Graphics_Toolkit")) ?>

    diff --git a/modules/gallery/views/admin_languages.html.php b/modules/gallery/views/admin_languages.html.php index eef087e1..d6a9c225 100644 --- a/modules/gallery/views/admin_languages.html.php +++ b/modules/gallery/views/admin_languages.html.php @@ -80,7 +80,7 @@

    - for_html_attr() ?>"> diff --git a/modules/gallery/views/admin_modules.html.php b/modules/gallery/views/admin_modules.html.php index 03993bb2..5a7f7b6c 100644 --- a/modules/gallery/views/admin_modules.html.php +++ b/modules/gallery/views/admin_modules.html.php @@ -43,7 +43,7 @@

    - adding more modules! Each module provides new cool features.", array("url" => "http://codex.gallery2.org/Category:Gallery_3:Modules")) ?> + adding more modules! Each module provides new cool features.", array("url" => "http://codex.galleryproject.org/Category:Gallery_3:Modules")) ?>

    diff --git a/modules/gallery/views/admin_themes.html.php b/modules/gallery/views/admin_themes.html.php index 9d53779f..547f27d2 100644 --- a/modules/gallery/views/admin_themes.html.php +++ b/modules/gallery/views/admin_themes.html.php @@ -10,7 +10,7 @@

    - with a new theme! There are separate themes for the regular site and for the administration interface. Click a theme below to preview and activate it.", array("url" => "http://codex.gallery2.org/Category:Gallery_3:Themes")) ?> + with a new theme! There are separate themes for the regular site and for the administration interface. Click a theme below to preview and activate it.", array("url" => "http://codex.galleryproject.org/Category:Gallery_3:Themes")) ?>

    @@ -48,7 +48,7 @@

    - Download one now!", array("url" => "http://codex.gallery2.org/Category:Gallery_3:Themes")) ?> + Download one now!", array("url" => "http://codex.galleryproject.org/Category:Gallery_3:Themes")) ?>

    @@ -88,7 +88,7 @@

    - Download one now!", array("url" => "http://codex.gallery2.org/Category:Gallery_3:Themes")) ?> + Download one now!", array("url" => "http://codex.galleryproject.org/Category:Gallery_3:Themes")) ?>

    diff --git a/modules/gallery/views/error_admin.html.php b/modules/gallery/views/error_admin.html.php index 3e7c286e..cd1bd569 100644 --- a/modules/gallery/views/error_admin.html.php +++ b/modules/gallery/views/error_admin.html.php @@ -170,7 +170,7 @@

    There's an error message below and you can find more details in gallery3/var/logs (look for the file with the most recent - date on it). Stuck? Stop by the Gallery 3 + date on it). Stuck? Stop by the Gallery 3 Forums and ask for help. You can also look at our list of open tickets to see if the problem you're seeing has been diff --git a/modules/gallery/views/form_uploadify.html.php b/modules/gallery/views/form_uploadify.html.php index c1f985c3..4426514a 100644 --- a/modules/gallery/views/form_uploadify.html.php +++ b/modules/gallery/views/form_uploadify.html.php @@ -89,7 +89,7 @@ .replace("__INFO__", errorObj.info) .replace("__TYPE__", errorObj.type); } - msg = " - " + + msg = " - " + error_msg + ""; $("#g-add-photos-status ul").append( @@ -131,7 +131,7 @@ admin && !$movies_allowed): ?>

    - ffmpeg on your system. Movie uploading disabled. Help!", array("help_url" => "http://codex.gallery2.org/Gallery3:FAQ#Why_does_it_say_I.27m_missing_ffmpeg.3F")) ?> + ffmpeg on your system. Movie uploading disabled. Help!", array("help_url" => "http://codex.galleryproject.org/Gallery3:FAQ#Why_does_it_say_I.27m_missing_ffmpeg.3F")) ?>

    diff --git a/modules/gallery/views/upgrader.html.php b/modules/gallery/views/upgrader.html.php index 70d37dd1..edfaf720 100644 --- a/modules/gallery/views/upgrader.html.php +++ b/modules/gallery/views/upgrader.html.php @@ -144,8 +144,8 @@

    FAQ or ask in the Gallery forums.", - array("faq_url" => "http://codex.gallery2.org/Gallery3:FAQ", - "forums_url" => "http://gallery.menalto.com/forum")) ?> + array("faq_url" => "http://codex.galleryproject.org/Gallery3:FAQ", + "forums_url" => "http://galleryproject.org/forum")) ?>

    diff --git a/modules/gallery/views/welcome_message.html.php b/modules/gallery/views/welcome_message.html.php index 1fcca971..bb6b4a83 100644 --- a/modules/gallery/views/welcome_message.html.php +++ b/modules/gallery/views/welcome_message.html.php @@ -27,10 +27,10 @@

    - Gallery website has news and information about the Gallery project and community.", array("url" => "http://gallery.menalto.com")) ?> + Gallery website has news and information about the Gallery project and community.", array("url" => "http://galleryproject.org")) ?>

    - documentation site or you can ask for help in the forums!", array("codex_url" => "http://codex.gallery2.org/Main_Page", "forum_url" => "http://gallery.menalto.com/forum")) ?> + documentation site or you can ask for help in the forums!", array("codex_url" => "http://codex.galleryproject.org/Main_Page", "forum_url" => "http://galleryproject.org/forum")) ?>

    diff --git a/modules/image_block/module.info b/modules/image_block/module.info index 6722cc8f..25b89e6a 100644 --- a/modules/image_block/module.info +++ b/modules/image_block/module.info @@ -2,6 +2,6 @@ name = "Image Block" description = "Display a random image in the sidebar" version = 3 author_name = "Gallery Team" -author_url = "http://codex.gallery2.org/Gallery:Team" -info_url = "http://codex.gallery2.org/Gallery3:Modules:image_block" -discuss_url = "http://gallery.menalto.com/forum_module_image_block" +author_url = "http://codex.galleryproject.org/Gallery:Team" +info_url = "http://codex.galleryproject.org/Gallery3:Modules:image_block" +discuss_url = "http://galleryproject.org/forum_module_image_block" diff --git a/modules/info/module.info b/modules/info/module.info index f8964a78..0f35c922 100644 --- a/modules/info/module.info +++ b/modules/info/module.info @@ -2,6 +2,6 @@ name = "Info" description = "Display extra information about photos and albums" version = 2 author_name = "Gallery Team" -author_url = "http://codex.gallery2.org/Gallery:Team" -info_url = "http://codex.gallery2.org/Gallery3:Modules:info" -discuss_url = "http://gallery.menalto.com/forum_module_info" +author_url = "http://codex.galleryproject.org/Gallery:Team" +info_url = "http://codex.galleryproject.org/Gallery3:Modules:info" +discuss_url = "http://galleryproject.org/forum_module_info" diff --git a/modules/notification/module.info b/modules/notification/module.info index 84be8f99..0e2cdb65 100644 --- a/modules/notification/module.info +++ b/modules/notification/module.info 
@@ -2,6 +2,6 @@ name = "Notification"
 description = "Send notifications to users when changes are made to watched albums."
 version = 2
 author_name = "Gallery Team"
-author_url = "http://codex.gallery2.org/Gallery:Team"
-info_url = "http://codex.gallery2.org/Gallery3:Modules:notification"
-discuss_url = "http://gallery.menalto.com/forum_module_notification"
+author_url = "http://codex.galleryproject.org/Gallery:Team"
+info_url = "http://codex.galleryproject.org/Gallery3:Modules:notification"
+discuss_url = "http://galleryproject.org/forum_module_notification"
diff --git a/modules/organize/module.info b/modules/organize/module.info
index 07b9dc38..4d4560b9 100644
--- a/modules/organize/module.info
+++ b/modules/organize/module.info
@@ -2,6 +2,6 @@ name = "Organize"
 description = "Visually rearrange and move photos in your gallery"
 version = 4
 author_name = "Gallery Team"
-author_url = "http://codex.gallery2.org/Gallery:Team"
-info_url = "http://codex.gallery2.org/Gallery3:Modules:organize"
-discuss_url = "http://gallery.menalto.com/forum_module_organize"
+author_url = "http://codex.galleryproject.org/Gallery:Team"
+info_url = "http://codex.galleryproject.org/Gallery3:Modules:organize"
+discuss_url = "http://galleryproject.org/forum_module_organize"
diff --git a/modules/recaptcha/module.info b/modules/recaptcha/module.info
index ebaff7de..6806bb91 100644
--- a/modules/recaptcha/module.info
+++ b/modules/recaptcha/module.info
@@ -2,6 +2,6 @@ name = "reCAPTCHA"
 description = "reCAPTCHA displays a graphical verification that protects the input form from abuse from 'bots,' or automated programs usually written to generate spam (http://recaptcha.net)."
 version = 1
 author_name = "Gallery Team"
-author_url = "http://codex.gallery2.org/Gallery:Team"
-info_url = "http://codex.gallery2.org/Gallery3:Modules:recaptcha"
-discuss_url = "http://gallery.menalto.com/forum_module_recaptcha"
+author_url = "http://codex.galleryproject.org/Gallery:Team"
+info_url = "http://codex.galleryproject.org/Gallery3:Modules:recaptcha"
+discuss_url = "http://galleryproject.org/forum_module_recaptcha"
diff --git a/modules/rest/module.info b/modules/rest/module.info
index 33c9f1cf..93a7873b 100644
--- a/modules/rest/module.info
+++ b/modules/rest/module.info
@@ -3,6 +3,6 @@ description = "A REST-based API that allows desktop clients and other apps to in
 version = 3
 author_name = "Gallery Team"
-author_url = "http://codex.gallery2.org/Gallery:Team"
-info_url = "http://codex.gallery2.org/Gallery3:Modules:rest"
-discuss_url = "http://gallery.menalto.com/forum_module_rest"
+author_url = "http://codex.galleryproject.org/Gallery:Team"
+info_url = "http://codex.galleryproject.org/Gallery3:Modules:rest"
+discuss_url = "http://galleryproject.org/forum_module_rest"
diff --git a/modules/rss/module.info b/modules/rss/module.info
index cd13c1b0..5f32387e 100644
--- a/modules/rss/module.info
+++ b/modules/rss/module.info
@@ -2,6 +2,6 @@ name = "RSS"
 description = "Provides RSS feeds"
 version = 1
 author_name = "Gallery Team"
-author_url = "http://codex.gallery2.org/Gallery:Team"
-info_url = "http://codex.gallery2.org/Gallery3:Modules:rss"
-discuss_url = "http://gallery.menalto.com/forum_module_rss"
+author_url = "http://codex.galleryproject.org/Gallery:Team"
+info_url = "http://codex.galleryproject.org/Gallery3:Modules:rss"
+discuss_url = "http://galleryproject.org/forum_module_rss"
diff --git a/modules/search/module.info b/modules/search/module.info
index 1389798d..f1bb1fab 100644
--- a/modules/search/module.info
+++ b/modules/search/module.info
@@ -2,6 +2,6 @@ name = "Search"
 description = "Allows users to search their Gallery"
 version = 1
 author_name = "Gallery Team"
-author_url = "http://codex.gallery2.org/Gallery:Team"
-info_url = "http://codex.gallery2.org/Gallery3:Modules:search"
-discuss_url = "http://gallery.menalto.com/forum_module_search"
+author_url = "http://codex.galleryproject.org/Gallery:Team"
+info_url = "http://codex.galleryproject.org/Gallery3:Modules:search"
+discuss_url = "http://galleryproject.org/forum_module_search"
diff --git a/modules/server_add/module.info b/modules/server_add/module.info
index 4ce0a97d..dc455c71 100644
--- a/modules/server_add/module.info
+++ b/modules/server_add/module.info
@@ -2,6 +2,6 @@ name = "Server Add"
 description = "Allows authorized users to load images directly from your web server"
 version = 4
 author_name = "Gallery Team"
-author_url = "http://codex.gallery2.org/Gallery:Team"
-info_url = "http://codex.gallery2.org/Gallery3:Modules:server_add"
-discuss_url = "http://gallery.menalto.com/forum_module_server_add"
+author_url = "http://codex.galleryproject.org/Gallery:Team"
+info_url = "http://codex.galleryproject.org/Gallery3:Modules:server_add"
+discuss_url = "http://galleryproject.org/forum_module_server_add"
diff --git a/modules/slideshow/module.info b/modules/slideshow/module.info
index 8c9a3176..2d71f710 100644
--- a/modules/slideshow/module.info
+++ b/modules/slideshow/module.info
@@ -2,6 +2,6 @@ name = "Slideshow"
 description = "Allows users to view a slideshow of photos"
 version = 2
 author_name = "Gallery Team"
-author_url = "http://codex.gallery2.org/Gallery:Team"
-info_url = "http://codex.gallery2.org/Gallery3:Modules:slideshow"
-discuss_url = "http://gallery.menalto.com/forum_module_slideshow"
+author_url = "http://codex.galleryproject.org/Gallery:Team"
+info_url = "http://codex.galleryproject.org/Gallery3:Modules:slideshow"
+discuss_url = "http://galleryproject.org/forum_module_slideshow"
diff --git a/modules/tag/module.info b/modules/tag/module.info
index 75d16bf0..19fbdb45 100644
--- a/modules/tag/module.info
+++ b/modules/tag/module.info
@@ -2,6 +2,6 @@ name = "Tags"
 description = "Allows users to tag photos and albums"
 version = 3
 author_name = "Gallery Team"
-author_url = "http://codex.gallery2.org/Gallery:Team"
-info_url = "http://codex.gallery2.org/Gallery3:Modules:tag"
-discuss_url = "http://gallery.menalto.com/forum_module_tag"
+author_url = "http://codex.galleryproject.org/Gallery:Team"
+info_url = "http://codex.galleryproject.org/Gallery3:Modules:tag"
+discuss_url = "http://galleryproject.org/forum_module_tag"
diff --git a/modules/user/module.info b/modules/user/module.info
index 503bcd0d..d5128db4 100644
--- a/modules/user/module.info
+++ b/modules/user/module.info
@@ -3,6 +3,6 @@ description = "Gallery 3 user and group management"
 version = 4
 author_name = "Gallery Team"
-author_url = "http://codex.gallery2.org/Gallery:Team"
-info_url = "http://codex.gallery2.org/Gallery3:Modules:user"
-discuss_url = "http://gallery.menalto.com/forum_module_user"
+author_url = "http://codex.galleryproject.org/Gallery:Team"
+info_url = "http://codex.galleryproject.org/Gallery3:Modules:user"
+discuss_url = "http://galleryproject.org/forum_module_user"
diff --git a/modules/watermark/module.info b/modules/watermark/module.info
index 58efa43f..e5003cda 100644
--- a/modules/watermark/module.info
+++ b/modules/watermark/module.info
@@ -2,6 +2,6 @@ name = "Watermarks" description = "Allows users to watermark their photos" version = 2 author_name = "Gallery Team" -author_url = "http://codex.gallery2.org/Gallery:Team" -info_url = "http://codex.gallery2.org/Gallery3:Modules:watermark" -discuss_url = "http://gallery.menalto.com/forum_module_watermark" +author_url = "http://codex.galleryproject.org/Gallery:Team" +info_url = "http://codex.galleryproject.org/Gallery3:Modules:watermark" +discuss_url = "http://galleryproject.org/forum_module_watermark" diff --git a/themes/admin_wind/theme.info b/themes/admin_wind/theme.info index 466d8e43..e2be9284 100644 --- a/themes/admin_wind/theme.info +++ b/themes/admin_wind/theme.info @@ -5,6 +5,6 @@ author = "Gallery Team" admin = 1 site = 0 author_name = "Gallery Team" -author_url = "http://codex.gallery2.org/Gallery:Team" -info_url = "http://codex.gallery2.org/Gallery3:Themes:admin_wind" -discuss_url = "http://gallery.menalto.com/forum_theme_admin_wind" +author_url = "http://codex.galleryproject.org/Gallery:Team" +info_url = "http://codex.galleryproject.org/Gallery3:Themes:admin_wind" +discuss_url = "http://galleryproject.org/forum_theme_admin_wind" diff --git a/themes/wind/theme.info b/themes/wind/theme.info index e0be78b9..b00e56d7 100644 --- a/themes/wind/theme.info +++ b/themes/wind/theme.info @@ -5,6 +5,6 @@ author = "Gallery Team" site = 1 admin = 0 author_name = "Gallery Team" -author_url = "http://codex.gallery2.org/Gallery:Team" -info_url = "http://codex.gallery2.org/Gallery3:Themes:wind" -discuss_url = "http://gallery.menalto.com/forum_theme_wind" +author_url = "http://codex.galleryproject.org/Gallery:Team" +info_url = "http://codex.galleryproject.org/Gallery3:Themes:wind" +discuss_url = "http://galleryproject.org/forum_theme_wind" -- cgit v1.2.3 From 212944e1eae2ffb9a3e27ea7d1c6813160cce1ed Mon Sep 17 00:00:00 2001 
From: shadlaws Date: Sat, 26 Jan 2013 00:04:55 +0100 Subject: #1951 - Make metadata generation more flexible (photo and movie helpers). - added photo_get_file_metadata and movie_get_file_metadata events - modified photo::get_file_metadata and movie::get_file_metadata to use them - ensure that non-readable files throw exceptions - redirected other photo metadata calls in core to photo::get_file_metadata (the helper function already exists, but in many places getimagesize is still called directly) - added some unit tests (neither of the functions above had one)
---
 modules/gallery/helpers/graphics.php | 10 +-- modules/gallery/helpers/movie.php | 86 ++++++++++++++++------ modules/gallery/helpers/photo.php | 63 +++++++++++++--- modules/gallery/tests/Movie_Helper_Test.php | 32 ++++++++ modules/gallery/tests/Photo_Helper_Test.php | 56 ++++++++++++++ modules/watermark/controllers/admin_watermarks.php | 32 +++----- 6 files changed, 218 insertions(+), 61 deletions(-) create mode 100644 modules/gallery/tests/Photo_Helper_Test.php (limited to 'modules/watermark')
diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php
index 51437d4b..0c5f8366 100644
--- a/modules/gallery/helpers/graphics.php
+++ b/modules/gallery/helpers/graphics.php
@@ -195,9 +195,8 @@ class graphics_Core {
 } else {
 copy(MODPATH . "gallery/images/missing_photo.png", $item->thumb_path());
 }
- $dims = getimagesize($item->thumb_path());
- $item->thumb_width = $dims[0];
- $item->thumb_height = $dims[1];
+ list ($item->thumb_width, $item->thumb_height) =
+ photo::get_file_metadata($item->thumb_path());
 }
 if (!empty($ops["resize"])) {
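Review bot: The `copy(MODPATH . "gallery/images/missing_photo.png", $item->thumb_path())` fallback just above the new `list (...)` assignment is still unchecked, while `photo::get_file_metadata()` now throws on an unreadable file according to the commit description. If that copy fails, the exception skips `$item->save()` and ends up in the `catch (Exception $e)` visible in the resize hunk (`@@ -206,9 +205,8 @@`), which follows the same pattern; the old `getimagesize()` path would presumably have continued with empty dimensions. A short comment above each assignment would make the intent explicit, e.g. `// get_file_metadata() throws on unreadable files; handled by the catch below`. The enclosing function starts and ends outside both hunks, so what the catch block does with the item is not visible here.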
@@ -206,9 +205,8 @@ class graphics_Core {
 } else {
 copy(MODPATH . "gallery/images/missing_photo.png", $item->resize_path());
 }
- $dims = getimagesize($item->resize_path());
- $item->resize_width = $dims[0];
- $item->resize_height = $dims[1];
+ list ($item->resize_width, $item->resize_height) =
+ photo::get_file_metadata($item->resize_path());
 }
 $item->save();
 } catch (Exception $e) {
diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php
index 7e6a2e55..6844771b 100644
--- a/modules/gallery/helpers/movie.php
+++ b/modules/gallery/helpers/movie.php
@@ -123,41 +123,79 @@ class movie_Core { /** * Return the width, height, mime_type, extension and duration of the given movie file. + * Metadata is first generated using ffmpeg (or set to defaults if it fails), + * then can be modified by other modules using movie_get_file_metadata events. + * + * This function and its use cases are symmetric to those of photo::get_file_metadata. + * + * @param string $file_path + * @return array array($width, $height, $mime_type, $extension, $duration) + * + * Use cases in detail: + * Input is standard movie type (flv/mp4/m4v) + * -> return metadata from ffmpeg + * Input is *not* standard movie type that is supported by ffmpeg (e.g. avi, mts...) + * -> return metadata from ffmpeg + * Input is *not* standard movie type that is *not* supported by ffmpeg but is legal + * -> return zero width, height, and duration; mime type and extension according to legal_file + * Input is *not* standard movie type that is *not* supported by ffmpeg and is *not* legal + * -> return zero width, height, and duration; null mime type and extension + * Input is not readable or does not exist + * -> throw exception + * Note: movie_get_file_metadata events can change any of the above cases (except the last one). */ static function get_file_metadata($file_path) { - $ffmpeg = movie::find_ffmpeg(); - if (empty($ffmpeg)) { - throw new Exception("@todo MISSING_FFMPEG"); + if (!is_readable($file_path)) { + throw new Exception("@todo UNREADABLE_FILE"); } - $cmd = escapeshellcmd($ffmpeg) . " -i " . escapeshellarg($file_path) . " 2>&1"; - $result = `$cmd`; - if (preg_match("/Stream.*?Video:.*?, (\d+)x(\d+)/", $result, $matches_res)) { - if (preg_match("/Stream.*?Video:.*? 
\[.*?DAR (\d+):(\d+).*?\]/", $result, $matches_dar) && - $matches_dar[1] >= 1 && $matches_dar[2] >= 1) { - // DAR is defined - determine width based on height and DAR - // (should always be int, but adding round to be sure) - $matches_res[1] = round($matches_res[2] * $matches_dar[1] / $matches_dar[2]); + $metadata = new stdClass(); + $ffmpeg = movie::find_ffmpeg(); + if (!empty($ffmpeg)) { + // ffmpeg found - use it to get width, height, and duration. + $cmd = escapeshellcmd($ffmpeg) . " -i " . escapeshellarg($file_path) . " 2>&1"; + $result = `$cmd`; + if (preg_match("/Stream.*?Video:.*?, (\d+)x(\d+)/", $result, $matches_res)) { + if (preg_match("/Stream.*?Video:.*? \[.*?DAR (\d+):(\d+).*?\]/", $result, $matches_dar) && + $matches_dar[1] >= 1 && $matches_dar[2] >= 1) { + // DAR is defined - determine width based on height and DAR + // (should always be int, but adding round to be sure) + $matches_res[1] = round($matches_res[2] * $matches_dar[1] / $matches_dar[2]); + } + list ($metadata->width, $metadata->height) = array($matches_res[1], $matches_res[2]); + } else { + list ($metadata->width, $metadata->height) = array(0, 0); + } + + if (preg_match("/Duration: (\d+:\d+:\d+\.\d+)/", $result, $matches)) { + $metadata->duration = movie::hhmmssdd_to_seconds($matches[1]); + } else if (preg_match("/duration.*?:.*?(\d+)/", $result, $matches)) { + $metadata->duration = $matches[1]; + } else { + $metadata->duration = 0; } - list ($width, $height) = array($matches_res[1], $matches_res[2]); } else { - list ($width, $height) = array(0, 0); + // ffmpeg not found - set width, height, and duration to zero. + $metadata->width = 0; + $metadata->height = 0; + $metadata->duration = 0; } - $extension = strtolower(pathinfo($file_path, PATHINFO_EXTENSION)); - $extension = $extension ? $extension : "flv"; // No extension? Assume FLV. - $mime_type = legal_file::get_movie_types_by_extension($extension); - $mime_type = $mime_type ? $mime_type : "video/x-flv"; // No MIME found? 
Default to video/x-flv. - - if (preg_match("/Duration: (\d+:\d+:\d+\.\d+)/", $result, $matches)) { - $duration = movie::hhmmssdd_to_seconds($matches[1]); - } else if (preg_match("/duration.*?:.*?(\d+)/", $result, $matches)) { - $duration = $matches[1]; + $extension = pathinfo($file_path, PATHINFO_EXTENSION); + if (!$extension || + (!$metadata->mime_type = legal_file::get_movie_types_by_extension($extension))) { + // Extension is empty or illegal. + $metadata->extension = null; + $metadata->mime_type = null; } else { - $duration = 0; + // Extension is legal (and mime is already set above). + $metadata->extension = strtolower($extension); } - return array($width, $height, $mime_type, $extension, $duration); + // Run movie_get_file_metadata events which can modify the class, then return results. + module::event("movie_get_file_metadata", $file_path, $metadata); + return array($metadata->width, $metadata->height, $metadata->mime_type, + $metadata->extension, $metadata->duration); } /** diff --git a/modules/gallery/helpers/photo.php b/modules/gallery/helpers/photo.php index 855cd0ae..51e51507 100644 --- a/modules/gallery/helpers/photo.php +++ b/modules/gallery/helpers/photo.php 
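Review bot: The extension is passed to `legal_file::get_movie_types_by_extension()` before it is lowercased, whereas the removed code lowercased it first. If that lookup is case-sensitive (legal_file is not visible here), a file such as `CLIP.FLV` would now come back with a null mime type and extension. Lowercasing up front, `$extension = strtolower(pathinfo($file_path, PATHINFO_EXTENSION));`, keeps the old behaviour and lets the assignment move out of the `if` condition, where it is easy to misread as a comparison. The fallback branch of photo::get_file_metadata in this commit has the same lookup-then-lowercase order.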
@@ -80,20 +80,61 @@ class photo_Core { /** * Return the width, height, mime_type and extension of the given image file. + * Metadata is first generated using getimagesize (or the legal_file mapping if it fails), + * then can be modified by other modules using photo_get_file_metadata events. + * + * This function and its use cases are symmetric to those of photo::get_file_metadata. + * + * @param string $file_path + * @return array array($width, $height, $mime_type, $extension) + * + * Use cases in detail: + * Input is standard photo type (jpg/png/gif) + * -> return metadata from getimagesize() + * Input is *not* standard photo type that is supported by getimagesize (e.g. tif, bmp...) + * -> return metadata from getimagesize() + * Input is *not* standard photo type that is *not* supported by getimagesize but is legal + * -> return zero width and height, mime type and extension according to legal_file + * Input is *not* standard photo type that is *not* supported by getimagesize and is *not* legal + * -> return zero width and height, null mime type and extension + * Input is not readable or does not exist + * -> throw exception + * Note: photo_get_file_metadata events can change any of the above cases (except the last one). */ static function get_file_metadata($file_path) { - $image_info = getimagesize($file_path); - if ($image_info) { - $width = $image_info[0]; - $height = $image_info[1]; - $mime_type = $image_info["mime"]; - $extension = image_type_to_extension($image_info[2], false); - return array($width, $height, $mime_type, $extension); + if (!is_readable($file_path)) { + throw new Exception("@todo UNREADABLE_FILE"); + } + + $metadata = new stdClass(); + if ($image_info = getimagesize($file_path)) { + // getimagesize worked - use its results. 
+ $metadata->width = $image_info[0]; + $metadata->height = $image_info[1]; + $metadata->mime_type = $image_info["mime"]; + $metadata->extension = image_type_to_extension($image_info[2], false); + // We prefer jpg instead of jpeg (which is returned by image_type_to_extension). + if ($metadata->extension == "jpeg") { + $metadata->extension = "jpg"; + } } else { - // getimagesize failed - use legal_file mapping instead. - $extension = strtolower(pathinfo($file_path, PATHINFO_EXTENSION)); - $mime_type = legal_file::get_photo_types_by_extension($extension); - return array(0, 0, $mime_type, $extension); + // getimagesize failed - try to use legal_file mapping instead. + $extension = pathinfo($file_path, PATHINFO_EXTENSION); + if (!$extension || + (!$metadata->mime_type = legal_file::get_photo_types_by_extension($extension))) { + // Extension is empty or illegal. + $metadata->extension = null; + $metadata->mime_type = null; + } else { + // Extension is legal (and mime is already set above). + $metadata->extension = strtolower($extension); + } + $metadata->width = 0; + $metadata->height = 0; } + + // Run photo_get_file_metadata events which can modify the class, then return results. + module::event("photo_get_file_metadata", $file_path, $metadata); + return array($metadata->width, $metadata->height, $metadata->mime_type, $metadata->extension); } } diff --git a/modules/gallery/tests/Movie_Helper_Test.php b/modules/gallery/tests/Movie_Helper_Test.php index ff7f798c..0c262620 100644 --- a/modules/gallery/tests/Movie_Helper_Test.php +++ b/modules/gallery/tests/Movie_Helper_Test.php 
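Review bot: The docblock added in photo.php says the function is "symmetric to those of photo::get_file_metadata", which points at itself; it presumably means the movie helper, i.e. `* This function and its use cases are symmetric to those of movie::get_file_metadata.` The docblock should also say outright that zero width/height and a null mime type/extension are normal return values at this revision. Callers that rename or store a file based on the result have to reject those cases themselves.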
@@ -46,4 +46,36 @@ class Movie_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_equal($seconds, movie::hhmmssdd_to_seconds($hhmmssdd)); } } + + public function get_file_metadata_test() { + $movie = test::random_movie(); + $this->assert_equal(array(360, 288, "video/x-flv", "flv", 6.00), + movie::get_file_metadata($movie->file_path())); + } + + public function get_file_metadata_with_non_existent_file_test() { + try { + $metadata = movie::get_file_metadata(MODPATH . "gallery/tests/this_does_not_exist"); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } + } + + public function get_file_metadata_with_no_extension_test() { + copy(MODPATH . "gallery/tests/test.flv", TMPPATH . "test_flv_with_no_extension"); + $this->assert_equal(array(360, 288, null, null, 6.00), + movie::get_file_metadata(TMPPATH . "test_flv_with_no_extension")); + } + + public function get_file_metadata_with_illegal_extension_test() { + $this->assert_equal(array(0, 0, null, null, 0), + movie::get_file_metadata(MODPATH . "gallery/tests/Movie_Helper_Test.php")); + } + + public function get_file_metadata_with_illegal_extension_but_valid_file_contents_test() { + copy(MODPATH . "gallery/tests/test.flv", TMPPATH . "test_flv_with_php_extension.php"); + $this->assert_equal(array(360, 288, null, null, 6.00), + movie::get_file_metadata(TMPPATH . "test_flv_with_php_extension.php")); + } } diff --git a/modules/gallery/tests/Photo_Helper_Test.php b/modules/gallery/tests/Photo_Helper_Test.php new file mode 100644 index 00000000..5207a6db --- /dev/null +++ b/modules/gallery/tests/Photo_Helper_Test.php 
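Review bot: In `get_file_metadata_with_non_existent_file_test` the `assert_true(false, "Shouldn't get here")` sits inside the same `try` whose `catch (Exception $e)` is the passing path. If the test framework reports a failed assertion by throwing an Exception subclass (not visible here), the failure is swallowed and the test passes whether or not the helper throws. Setting a flag in the catch (`$threw = true;`) and calling `$this->assert_true($threw);` after the block avoids that. Photo_Helper_Test.php in this commit uses the same pattern, and the tests that copy fixtures into TMPPATH never remove them.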
@@ -0,0 +1,56 @@ +assert_equal(array(1024, 768, "image/jpeg", "jpg"), + photo::get_file_metadata($photo->file_path())); + } + + public function get_file_metadata_with_non_existent_file_test() { + try { + $metadata = photo::get_file_metadata(MODPATH . "gallery/tests/this_does_not_exist"); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } + } + + public function get_file_metadata_with_no_extension_test() { + copy(MODPATH . "gallery/tests/test.jpg", TMPPATH . "test_jpg_with_no_extension"); + $this->assert_equal(array(1024, 768, "image/jpeg", "jpg"), + photo::get_file_metadata(TMPPATH . "test_jpg_with_no_extension")); + } + + public function get_file_metadata_with_illegal_extension_test() { + $this->assert_equal(array(0, 0, null, null), + photo::get_file_metadata(MODPATH . "gallery/tests/Photo_Helper_Test.php")); + } + + public function get_file_metadata_with_illegal_extension_but_valid_file_contents_test() { + // This ensures that we correctly "re-type" files with invalid extensions if the contents + // themselves are valid. This is needed to ensure that issues similar to those corrected by + // ticket #1855, where an image that looked valid (header said jpg) with a php extension was + // previously accepted without changing its extension, do not arise and cause security issues. + copy(MODPATH . "gallery/tests/test.jpg", TMPPATH . "test_jpg_with_php_extension.php"); + $this->assert_equal(array(1024, 768, "image/jpeg", "jpg"), + photo::get_file_metadata(TMPPATH . "test_jpg_with_php_extension.php")); + } +} diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php index 0e6e214b..14c2b394 100644 --- a/modules/watermark/controllers/admin_watermarks.php +++ b/modules/watermark/controllers/admin_watermarks.php 
@@ -100,32 +100,24 @@ class Admin_Watermarks_Controller extends Admin_Controller { $name = preg_replace("/uploadfile-[^-]+-(.*)/", '$1', $pathinfo["basename"]); $name = legal_file::smash_extensions($name); - if (!($image_info = getimagesize($file)) || - !in_array($image_info[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG))) { - message::error(t("Unable to identify this image file")); + list ($width, $height, $mime_type, $extension) = photo::get_file_metadata($file); + if (!legal_file::get_photo_extensions($extension)) { + message::error(t("Invalid or unidentifiable image file")); @unlink($file); return; - } - - if (!in_array($pathinfo["extension"], legal_file::get_photo_extensions())) { - switch ($image_info[2]) { - case IMAGETYPE_GIF: - $name = legal_file::change_extension($name, "gif"); - break; - case IMAGETYPE_JPEG: - $name = legal_file::change_extension($name, "jpg"); - break; - case IMAGETYPE_PNG: - $name = legal_file::change_extension($name, "png"); - break; - } + } else { + // Force correct, legal extension type on file, which will be of our canonical type + // (i.e. all lowercase, jpg instead of jpeg, etc.). This renaming prevents the issues + // addressed in ticket #1855, where an image that looked valid (header said jpg) with a + // php extension was previously accepted without changing its extension. + $name = legal_file::change_extension($name, $extension); } rename($file, VARPATH . 
"modules/watermark/$name"); module::set_var("watermark", "name", $name); - module::set_var("watermark", "width", $image_info[0]); - module::set_var("watermark", "height", $image_info[1]); - module::set_var("watermark", "mime_type", $image_info["mime"]); + module::set_var("watermark", "width", $width); + module::set_var("watermark", "height", $height); + module::set_var("watermark", "mime_type", $mime_type); module::set_var("watermark", "position", $form->add_watermark->position->value); module::set_var("watermark", "transparency", $form->add_watermark->transparency->value); $this->_update_graphics_rules(); -- cgit v1.2.3 From 4cf31d8850c7df4d53a2bc56e6832bbe11388d13 Mon Sep 17 00:00:00 2001 From: shadlaws Date: Tue, 29 Jan 2013 18:48:39 +0100 Subject: #1970 - Make add watermarks more secure and add unit tests. This follows #1855 and #1951... - Ensured that invalid or illegal files are not added even if they have valid extensions. - Added unit tests (currently there aren't any...) --- modules/watermark/controllers/admin_watermarks.php | 7 +- .../tests/Admin_Watermarks_Controller_Test.php | 124 +++++++++++++++++++++ 2 files changed, 129 insertions(+), 2 deletions(-) create mode 100644 modules/watermark/tests/Admin_Watermarks_Controller_Test.php (limited to 'modules/watermark') diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php index 14c2b394..1cc0c392 100644 --- a/modules/watermark/controllers/admin_watermarks.php +++ b/modules/watermark/controllers/admin_watermarks.php 
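Review bot: `photo::get_file_metadata($file)` now throws when the file is not readable, and nothing in this hunk catches it, so that case skips the `message::error()` / `@unlink($file)` cleanup that the invalid-image branch performs. The enclosing method starts outside the hunk, so a handler may exist there; if not, a `try`/`catch (Exception $e)` around the call that falls into the same rejection branch would keep the failure path uniform. Separately, the helper returns zero width and height with a legal extension when getimagesize fails, and this hunk checks only the extension. A non-image file with a `.jpg` name would therefore still be moved into `modules/watermark`; adding `!$width || !$height` to the rejection condition closes that gap.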
@@ -93,7 +93,9 @@ class Admin_Watermarks_Controller extends Admin_Controller { access::verify_csrf(); $form = watermark::get_add_form(); - if ($form->validate()) { + // For TEST_MODE, we want to simulate a file upload. Because this is not a true upload, Forge's + // validation logic will correctly reject it. So, we skip validation when we're running tests. + if (TEST_MODE || $form->validate()) { $file = $_POST["file"]; $pathinfo = pathinfo($file); // Forge prefixes files with "uploadfile-xxxxxxx" for uniqueness @@ -101,7 +103,8 @@ class Admin_Watermarks_Controller extends Admin_Controller { $name = legal_file::smash_extensions($name); list ($width, $height, $mime_type, $extension) = photo::get_file_metadata($file); - if (!legal_file::get_photo_extensions($extension)) { + if (!$width || !$height || !$mime_type || !$extension || + !in_array($extension, legal_file::get_photo_extensions())) { message::error(t("Invalid or unidentifiable image file")); @unlink($file); return; diff --git a/modules/watermark/tests/Admin_Watermarks_Controller_Test.php b/modules/watermark/tests/Admin_Watermarks_Controller_Test.php new file mode 100644 index 00000000..0b4ba84b --- /dev/null +++ b/modules/watermark/tests/Admin_Watermarks_Controller_Test.php 
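Review bot: `if (TEST_MODE || $form->validate())` puts a validation bypass into the production controller, and the code that follows reads `$file` straight from `$_POST["file"]` before handing it to `photo::get_file_metadata()`, `@unlink()` and `rename()`. With validation skipped, nothing in this hunk ties that path to an actual upload, so the safety of the action rests on TEST_MODE never being true on a deployed site. Keeping `$form->validate()` unconditional and having the test build a request that passes it would remove the branch. Failing that, a check that `$file` resolves inside the upload temp directory before it is touched would limit what the bypass exposes. The enclosing method begins outside the hunk.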
@@ -0,0 +1,124 @@ +_save = array($_POST, $_SERVER); + $_SERVER["HTTP_REFERER"] = "HTTP_REFERER"; + } + + public function teardown() { + list($_POST, $_SERVER) = $this->_save; + } + + public function add_watermark_test() { + // Source is a jpg file, watermark path has extension jpg + $name = test::random_name(); + $source_path = MODPATH . "gallery/images/imagemagick.jpg"; + $watermark_path = TMPPATH . "uploadfile-123-{$name}.jpg"; + copy($source_path, $watermark_path); + + // Setup and run Admin_Watermarks_Controller::add + $controller = new Admin_Watermarks_Controller(); + $_POST["file"] = $watermark_path; + $_POST["csrf"] = access::csrf_token(); + ob_start(); + $controller->add(); + $results = ob_get_clean(); + + // Add should be successful + $this->assert_equal(json_encode(array("result" => "success", + "location" => url::site("admin/watermarks"))), $results); + $this->assert_equal(file_get_contents($source_path), + file_get_contents(VARPATH . "modules/watermark/$name.jpg")); + $this->assert_equal("$name.jpg", module::get_var("watermark", "name")); + $this->assert_equal(114, module::get_var("watermark", "width")); + $this->assert_equal(118, module::get_var("watermark", "height")); + $this->assert_equal("image/jpeg", module::get_var("watermark", "mime_type")); + } + + public function add_watermark_reject_illegal_file_test() { + // Source is a php file, watermark path has extension php + $name = test::random_name(); + $source_path = MODPATH . "watermark/tests/Admin_Watermarks_Controller_Test.php"; + $watermark_path = TMPPATH . 
"uploadfile-123-{$name}.php"; + copy($source_path, $watermark_path); + + // Setup and run Admin_Watermarks_Controller::add + $controller = new Admin_Watermarks_Controller(); + $_POST["file"] = $watermark_path; + $_POST["csrf"] = access::csrf_token(); + ob_start(); + $controller->add(); + $results = ob_get_clean(); + + // Add should *not* be successful, and watermark should be deleted + $this->assert_equal("", $results); + $this->assert_false(file_exists($watermark_path)); + $this->assert_false(file_exists(VARPATH . "modules/watermark/$name.php")); + } + + public function add_watermark_rename_legal_file_with_illegal_extension_test() { + // Source is a jpg file, watermark path has extension php + $name = test::random_name(); + $source_path = MODPATH . "gallery/images/imagemagick.jpg"; + $watermark_path = TMPPATH . "uploadfile-123-{$name}.php"; + copy($source_path, $watermark_path); + + // Setup and run Admin_Watermarks_Controller::add + $controller = new Admin_Watermarks_Controller(); + $_POST["file"] = $watermark_path; + $_POST["csrf"] = access::csrf_token(); + ob_start(); + $controller->add(); + $results = ob_get_clean(); + + // Add should be successful with file renamed as jpg + $this->assert_equal(json_encode(array("result" => "success", + "location" => url::site("admin/watermarks"))), $results); + $this->assert_equal(file_get_contents($source_path), + file_get_contents(VARPATH . "modules/watermark/$name.jpg")); + $this->assert_equal("$name.jpg", module::get_var("watermark", "name")); + $this->assert_equal(114, module::get_var("watermark", "width")); + $this->assert_equal(118, module::get_var("watermark", "height")); + $this->assert_equal("image/jpeg", module::get_var("watermark", "mime_type")); + } + + public function add_watermark_reject_illegal_file_with_legal_extension_test() { + // Source is a php file, watermark path has extension jpg + $name = test::random_name(); + $source_path = MODPATH . 
"watermark/tests/Admin_Watermarks_Controller_Test.php"; + $watermark_path = TMPPATH . "uploadfile-123-{$name}.jpg"; + copy($source_path, $watermark_path); + + // Setup and run Admin_Watermarks_Controller::add + $controller = new Admin_Watermarks_Controller(); + $_POST["file"] = $watermark_path; + $_POST["csrf"] = access::csrf_token(); + ob_start(); + $controller->add(); + $results = ob_get_clean(); + + // Add should *not* be successful, and watermark should be deleted + $this->assert_equal("", $results); + $this->assert_false(file_exists($watermark_path)); + $this->assert_false(file_exists(VARPATH . "modules/watermark/$name.php")); + $this->assert_false(file_exists(VARPATH . "modules/watermark/$name.jpg")); + } +} -- cgit v1.2.3 From 9ef891858ca6ccf4213c5981868c6175cb2cde47 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 30 Jan 2013 18:45:49 -0500 Subject: Protect admins from themselves - in case an admin changed the watermark.name setting to something terrible by accident via Admin > Advanced, we'll just use the basename. Fixes #1977. --- modules/watermark/controllers/admin_watermarks.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/watermark') diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php index 1cc0c392..2d656c9f 100644 --- a/modules/watermark/controllers/admin_watermarks.php +++ b/modules/watermark/controllers/admin_watermarks.php @@ -66,7 +66,7 @@ class Admin_Watermarks_Controller extends Admin_Controller { $form = watermark::get_delete_form(); if ($form->validate()) { - if ($name = module::get_var("watermark", "name")) { + if ($name = basename(module::get_var("watermark", "name"))) { @unlink(VARPATH . "modules/watermark/$name"); module::clear_var("watermark", "name"); -- cgit v1.2.3 From 8384d7948e257c9bc825c2d45da9630d00c603f0 Mon Sep 17 00:00:00 2001 
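Review bot: `teardown()` restores only `$_POST` and `$_SERVER`, while the two successful add tests leave `VARPATH . "modules/watermark/$name.jpg"` on disk and the `watermark` module variables (name, width, height, mime_type) set. Later tests then run against that leftover state, and repeated runs accumulate files under VARPATH. Removing the stored file and calling `module::clear_var("watermark", ...)` for each variable in teardown would keep the tests independent. These tests also only reach the controller logic through its `TEST_MODE` branch, so they do not exercise Forge's upload validation.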
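Review bot: The reason for wrapping the stored name in `basename()` lives only in the commit message, so the call looks redundant to a later reader and is easy to drop. A one-line comment above the `if` would preserve the intent, e.g. `// watermark.name is editable via Admin > Advanced; basename() keeps the unlink inside modules/watermark`. Other code that builds a path from `watermark.name` is not visible in this hunk and may want the same treatment. The enclosing method continues outside the hunk.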
From: shadlaws Date: Thu, 31 Jan 2013 12:40:55 +0100 Subject: Follow-on to 5fca371a616dba16f955087c4477ee229ee222d0 for #1945. Previously skipped admin_watermarks mods to use new functionality of #1945 since there was concurrent work on it with #1970. Now that both are done, we can wrap this up. --- modules/watermark/controllers/admin_watermarks.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/watermark') diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php index 2d656c9f..27c2efc9 100644 --- a/modules/watermark/controllers/admin_watermarks.php +++ b/modules/watermark/controllers/admin_watermarks.php @@ -104,7 +104,7 @@ class Admin_Watermarks_Controller extends Admin_Controller { list ($width, $height, $mime_type, $extension) = photo::get_file_metadata($file); if (!$width || !$height || !$mime_type || !$extension || - !in_array($extension, legal_file::get_photo_extensions())) { + !legal_file::get_photo_extensions($extension)) { message::error(t("Invalid or unidentifiable image file")); @unlink($file); return; -- cgit v1.2.3 From 93963422505ecc790af62ae0503f301145debac3 Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Thu, 31 Jan 2013 19:55:53 -0500 Subject: Drop the requirement to have the install() function set the module version. It's redundant. Fixes #1985. --- modules/comment/helpers/comment_installer.php | 1 - modules/digibug/helpers/digibug_installer.php | 1 - modules/exif/helpers/exif_installer.php | 1 - modules/g2_import/helpers/g2_import_installer.php | 1 - modules/gallery/helpers/gallery_installer.php | 2 -- modules/gallery/helpers/module.php | 3 +-- modules/image_block/helpers/image_block_installer.php | 1 - modules/info/helpers/info_installer.php | 1 - modules/notification/helpers/notification_installer.php | 2 -- modules/rest/helpers/rest_installer.php | 1 - modules/search/helpers/search_installer.php | 1 - modules/server_add/helpers/server_add_installer.php | 1 - modules/slideshow/helpers/slideshow_installer.php | 1 - modules/tag/helpers/tag_installer.php | 1 - modules/user/helpers/user_installer.php | 1 - modules/watermark/helpers/watermark_installer.php | 1 - 16 files changed, 1 insertion(+), 19 deletions(-) (limited to 'modules/watermark') diff --git a/modules/comment/helpers/comment_installer.php b/modules/comment/helpers/comment_installer.php index 6dbd31cf..136f96ef 100644 --- a/modules/comment/helpers/comment_installer.php +++ b/modules/comment/helpers/comment_installer.php @@ -49,7 +49,6 @@ class comment_installer { module::set_var("comment", "spam_caught", 0); module::set_var("comment", "access_permissions", "everybody"); module::set_var("comment", "rss_visible", "all"); - module::set_version("comment", 7); } static function upgrade($version) { diff --git a/modules/digibug/helpers/digibug_installer.php b/modules/digibug/helpers/digibug_installer.php index b2e529d7..be88b5ec 100644 --- a/modules/digibug/helpers/digibug_installer.php +++ b/modules/digibug/helpers/digibug_installer.php 
@@ -30,7 +30,6 @@ class digibug_installer { module::set_var("digibug", "company_id", "3153"); module::set_var("digibug", "event_id", "8491"); - module::set_version("digibug", 2); } static function upgrade($version) { diff --git a/modules/exif/helpers/exif_installer.php b/modules/exif/helpers/exif_installer.php index f4c2aa3b..75d0f835 100644 --- a/modules/exif/helpers/exif_installer.php +++ b/modules/exif/helpers/exif_installer.php @@ -29,7 +29,6 @@ class exif_installer { PRIMARY KEY (`id`), KEY(`item_id`)) DEFAULT CHARSET=utf8;"); - module::set_version("exif", 1); } static function activate() { diff --git a/modules/g2_import/helpers/g2_import_installer.php b/modules/g2_import/helpers/g2_import_installer.php index b0c14425..c7569819 100644 --- a/modules/g2_import/helpers/g2_import_installer.php +++ b/modules/g2_import/helpers/g2_import_installer.php @@ -31,7 +31,6 @@ class g2_import_installer { KEY `g2_id` (`g2_id`)) DEFAULT CHARSET=utf8;"); - module::set_version("g2_import", 2); mkdir(VARPATH . "modules/g2_import"); } diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index d4c4de14..7f10cdee 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -315,8 +315,6 @@ class gallery_installer { module::set_var("gallery", "timezone", null); module::set_var("gallery", "lock_timeout", 1); module::set_var("gallery", "movie_extract_frame_time", 3); - - module::set_version("gallery", 55); } static function upgrade($version) { diff --git a/modules/gallery/helpers/module.php b/modules/gallery/helpers/module.php index f4ab5571..df258e87 100644 --- a/modules/gallery/helpers/module.php +++ b/modules/gallery/helpers/module.php 
@@ -175,9 +175,8 @@ class module_Core { $installer_class = "{$module_name}_installer"; if (method_exists($installer_class, "install")) { call_user_func_array(array($installer_class, "install"), array()); - } else { - module::set_version($module_name, module::available()->$module_name->code_version); } + module::set_version($module_name, module::available()->$module_name->code_version); // Set the weight of the new module, which controls the order in which the modules are // loaded. By default, new modules are installed at the end of the priority list. Since the diff --git a/modules/image_block/helpers/image_block_installer.php b/modules/image_block/helpers/image_block_installer.php index 8558fe51..b177b971 100644 --- a/modules/image_block/helpers/image_block_installer.php +++ b/modules/image_block/helpers/image_block_installer.php @@ -21,7 +21,6 @@ class image_block_installer { static function install() { module::set_var("image_block", "image_count", "1"); - module::set_version("image_block", $version = 3); } static function upgrade($version) { diff --git a/modules/info/helpers/info_installer.php b/modules/info/helpers/info_installer.php index 560af15c..43c216dc 100644 --- a/modules/info/helpers/info_installer.php +++ b/modules/info/helpers/info_installer.php @@ -25,7 +25,6 @@ class info_installer { module::set_var("info", "show_owner", 1); module::set_var("info", "show_name", 1); module::set_var("info", "show_captured", 1); - module::set_version("info", 2); } static function upgrade($version) { diff --git a/modules/notification/helpers/notification_installer.php b/modules/notification/helpers/notification_installer.php index 58435641..f6b05c18 100644 --- a/modules/notification/helpers/notification_installer.php +++ b/modules/notification/helpers/notification_installer.php @@ -36,8 +36,6 @@ class notification_installer { `text` text, PRIMARY KEY (`id`)) DEFAULT CHARSET=utf8;"); - - module::set_version("notification", 2); } static function upgrade($version) { 
diff --git a/modules/rest/helpers/rest_installer.php b/modules/rest/helpers/rest_installer.php index df7484fe..96f8acfa 100644 --- a/modules/rest/helpers/rest_installer.php +++ b/modules/rest/helpers/rest_installer.php @@ -29,7 +29,6 @@ class rest_installer { UNIQUE KEY(`user_id`)) DEFAULT CHARSET=utf8;"); module::set_var("rest", "allow_guest_access", false); - module::set_version("rest", 3); } static function upgrade($version) { diff --git a/modules/search/helpers/search_installer.php b/modules/search/helpers/search_installer.php index 78dbce38..c9e8f26c 100644 --- a/modules/search/helpers/search_installer.php +++ b/modules/search/helpers/search_installer.php @@ -30,7 +30,6 @@ class search_installer { FULLTEXT INDEX (`data`)) ENGINE=MyISAM DEFAULT CHARSET=utf8;"); - module::set_version("search", 1); } static function activate() { diff --git a/modules/server_add/helpers/server_add_installer.php b/modules/server_add/helpers/server_add_installer.php index e843fc79..b62bbcfa 100644 --- a/modules/server_add/helpers/server_add_installer.php +++ b/modules/server_add/helpers/server_add_installer.php @@ -30,7 +30,6 @@ class server_add_installer { `task_id` int(9) NOT NULL, PRIMARY KEY (`id`)) DEFAULT CHARSET=utf8;"); - module::set_version("server_add", 4); server_add::check_config(); } diff --git a/modules/slideshow/helpers/slideshow_installer.php b/modules/slideshow/helpers/slideshow_installer.php index d283487d..22bd9534 100644 --- a/modules/slideshow/helpers/slideshow_installer.php +++ b/modules/slideshow/helpers/slideshow_installer.php @@ -20,7 +20,6 @@ class slideshow_installer { static function install() { module::set_var("slideshow", "max_scale", 0); - module::set_version("slideshow", 2); } static function upgrade($version) { diff --git a/modules/tag/helpers/tag_installer.php b/modules/tag/helpers/tag_installer.php index f80a9de3..1fd18f3e 100644 --- a/modules/tag/helpers/tag_installer.php +++ b/modules/tag/helpers/tag_installer.php 
@@ -37,7 +37,6 @@ class tag_installer { KEY(`item_id`, `id`)) DEFAULT CHARSET=utf8;"); module::set_var("tag", "tag_cloud_size", 30); - module::set_version("tag", 3); } static function upgrade($version) { diff --git a/modules/user/helpers/user_installer.php b/modules/user/helpers/user_installer.php index e28af69a..67f6a3d5 100644 --- a/modules/user/helpers/user_installer.php +++ b/modules/user/helpers/user_installer.php @@ -138,6 +138,5 @@ class user_installer { access::allow($registered, "view_full", $root); module::set_var("user", "minimum_password_length", 5); - module::set_version("user", 4); } } \ No newline at end of file diff --git a/modules/watermark/helpers/watermark_installer.php b/modules/watermark/helpers/watermark_installer.php index 5df780a1..13338912 100644 --- a/modules/watermark/helpers/watermark_installer.php +++ b/modules/watermark/helpers/watermark_installer.php @@ -33,7 +33,6 @@ class watermark_installer { DEFAULT CHARSET=utf8;"); @mkdir(VARPATH . "modules/watermark"); - module::set_version("watermark", 2); } static function uninstall() { -- cgit v1.2.3 From 0312d1b071bd4434ddb3f82888b0323da6bf3732 Mon Sep 17 00:00:00 2001 
From: shadlaws Date: Fri, 8 Feb 2013 13:51:41 +0100 Subject: #1994 - Make get_file_metadata throw an exception if photo or movie is unidentifiable/illegal. - photo & movie helpers: modified to throw exceptions when file is known to be unidentifiable/illegal. - item model: revised to work with exceptions and be more explicit when the data file is invalid. - item model: removed duplicate get_file_metadata call for updated items. - admin_watermarks controller: revised to work with exceptions (really cleans up logic here). - graphics helper: revised to handle invalid placeholders (a nearly-impossible corner case, but still...). - photo & movie helper tests: revised to work with exceptions, added new tests for illegal files with valid extensions. - item model tests: revised to work with exceptions, added new tests for illegal files with valid extensions. --- modules/gallery/helpers/gallery_graphics.php | 5 ++ modules/gallery/helpers/graphics.php | 11 +++- modules/gallery/helpers/movie.php | 10 ++- modules/gallery/helpers/photo.php | 9 ++- modules/gallery/models/item.php | 71 +++++++++++++--------- modules/gallery/tests/Item_Model_Test.php | 16 ++++- modules/gallery/tests/Movie_Helper_Test.php | 36 +++++++++-- modules/gallery/tests/Photo_Helper_Test.php | 18 +++++- modules/watermark/controllers/admin_watermarks.php | 13 ++-- 9 files changed, 139 insertions(+), 50 deletions(-) (limited to 'modules/watermark') diff --git a/modules/gallery/helpers/gallery_graphics.php b/modules/gallery/helpers/gallery_graphics.php index b78bd9a7..eb76353f 100644 --- a/modules/gallery/helpers/gallery_graphics.php +++ b/modules/gallery/helpers/gallery_graphics.php 
@@ -172,6 +172,11 @@ class gallery_graphics_Core { module::event("graphics_composite_completed", $input_file, $output_file, $options, $item); } catch (ErrorException $e) { + // Unlike rotate and resize, composite catches its exceptions here. This is because + // composite is typically called for watermarks. If during thumb/resize generation + // the watermark fails, we'd still like the image resized, just without its watermark. + // If the exception isn't caught here, graphics::generate will replace it with a + // placeholder. Kohana_Log::add("error", $e->getMessage()); } } diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index 4df57fba..e34af018 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -224,7 +224,16 @@ class graphics_Core { graphics::_replace_image_with_placeholder($item, "resize"); } graphics::_replace_image_with_placeholder($item, "thumb"); - graphics::_update_item_dimensions($item); + try { + graphics::_update_item_dimensions($item); + } catch (Exception $e) { + // Looks like get_file_metadata couldn't identify our placeholders. We should never get + // here, but in the odd case we do, we need to do something. Let's put in hardcoded values. + if ($item->is_photo()) { + list ($item->resize_width, $item->resize_height) = array(200, 200); + } + list ($item->thumb_width, $item->thumb_height) = array(200, 200); + } $item->save(); throw $e; } diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php index 6844771b..d4b907a2 100644 --- a/modules/gallery/helpers/movie.php +++ b/modules/gallery/helpers/movie.php 
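Review bot: The inner `catch (Exception $e)` added around `graphics::_update_item_dimensions($item)` in graphics.php reuses the variable that the trailing `throw $e;` rethrows. When the placeholder lookup fails, the caller therefore receives the metadata exception instead of the failure that led to the placeholder being used. The enclosing catch block begins outside this hunk, so this assumes `$e` there holds the original error. Binding the inner exception to its own name keeps the original intact: `} catch (Exception $placeholder_error) {`. Logging that inner exception with `Kohana_Log::add("error", $placeholder_error->getMessage());`, as the composite hunk above does, would also leave a trace of the "should never get here" case.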
@@ -192,8 +192,16 @@ class movie_Core { $metadata->extension = strtolower($extension); } - // Run movie_get_file_metadata events which can modify the class, then return results. + // Run movie_get_file_metadata events which can modify the class. module::event("movie_get_file_metadata", $file_path, $metadata); + + // If the post-events results are invalid, throw an exception. Note that, unlike photos, having + // zero width and height isn't considered invalid (as is the case when FFmpeg isn't installed). + if (!$metadata->mime_type || !$metadata->extension || + ($metadata->mime_type != legal_file::get_movie_types_by_extension($metadata->extension))) { + throw new Exception("@todo ILLEGAL_OR_UNINDENTIFIABLE_FILE"); + } + return array($metadata->width, $metadata->height, $metadata->mime_type, $metadata->extension, $metadata->duration); } diff --git a/modules/gallery/helpers/photo.php b/modules/gallery/helpers/photo.php index 51e51507..2d32f0d3 100644 --- a/modules/gallery/helpers/photo.php +++ b/modules/gallery/helpers/photo.php @@ -133,8 +133,15 @@ class photo_Core { $metadata->height = 0; } - // Run photo_get_file_metadata events which can modify the class, then return results. + // Run photo_get_file_metadata events which can modify the class. module::event("photo_get_file_metadata", $file_path, $metadata); + + // If the post-events results are invalid, throw an exception. + if (!$metadata->width || !$metadata->height || !$metadata->mime_type || !$metadata->extension || + ($metadata->mime_type != legal_file::get_photo_types_by_extension($metadata->extension))) { + throw new Exception("@todo ILLEGAL_OR_UNINDENTIFIABLE_FILE"); + } + return array($metadata->width, $metadata->height, $metadata->mime_type, $metadata->extension); } } diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 197d3057..33b8a89d 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php 
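Review bot: For movies the new check in `movie::get_file_metadata` validates the name only. Zero width and height are accepted and, as the tests in this commit state, mime type and extension come from the filename, so a file with arbitrary contents and a movie extension passes. The comment above the check should say that directly, e.g. `// Movies are validated by extension only; file contents are not inspected here.` Whether that is acceptable depends on how the stored file is later served (handler mappings, content-type sniffing), which is not visible in this diff. The function begins outside the hunk.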
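Review bot: Both new checks (here in photo.php and in the movie.php hunk above) throw the base `Exception` with a placeholder message. That forces the callers in item.php and admin_watermarks.php to catch `Exception` and treat every failure, including one raised by a `photo_get_file_metadata` event handler, as an invalid file. A dedicated exception class for the rejection would let callers catch only that case. The message also has a typo and should read `"@todo ILLEGAL_OR_UNIDENTIFIABLE_FILE"`. The mime comparison uses `!=`; `!==` avoids type juggling, provided `legal_file::get_photo_types_by_extension` returns a string or null (its definition is not in this hunk).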
@@ -21,6 +21,7 @@ class Item_Model_Core extends ORM_MPTT { protected $children = "items"; protected $sorting = array(); public $data_file = null; + private $data_file_error = null; public function __construct($id=null) { parent::__construct($id); @@ -378,18 +379,26 @@ class Item_Model_Core extends ORM_MPTT { // Get the width, height and mime type from our data file for photos and movies. if ($this->is_photo() || $this->is_movie()) { - if ($this->is_photo()) { - list ($this->width, $this->height, $this->mime_type, $extension) = - photo::get_file_metadata($this->data_file); - } else if ($this->is_movie()) { - list ($this->width, $this->height, $this->mime_type, $extension) = - movie::get_file_metadata($this->data_file); - } - - // Force an extension onto the name if necessary - $pi = pathinfo($this->data_file); - if (empty($pi["extension"])) { - $this->name = "{$this->name}.$extension"; + try { + if ($this->is_photo()) { + list ($this->width, $this->height, $this->mime_type, $extension) = + photo::get_file_metadata($this->data_file); + } else if ($this->is_movie()) { + list ($this->width, $this->height, $this->mime_type, $extension) = + movie::get_file_metadata($this->data_file); + } + + // Force an extension onto the name if necessary + $pi = pathinfo($this->data_file); + if (empty($pi["extension"])) { + $this->name = "{$this->name}.$extension"; + } + + // Data file valid - make sure the flag is reset to false. + $this->data_file_error = false; + } catch (Exception $e) { + // Data file invalid - set the flag so it's reported during item validation. + $this->data_file_error = true; } } 
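Review bot: The new `catch (Exception $e)` in `save()` discards the exception, so the only record of why a data file was rejected is the `data_file_error` flag; the updated-item hunk that follows has the same pattern. On an upload path that message is what an operator would want when looking into rejected or masquerading files. Adding `Kohana_Log::add("error", $e->getMessage());` inside the catch, as gallery_graphics.php does in this commit, would keep it. `save()` begins outside the hunk.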
@@ -436,17 +445,24 @@ class Item_Model_Core extends ORM_MPTT { // appropriate for its data. We don't try to preserve the name of the data file, though, // because the name is typically a temporary randomly-generated name. if (isset($this->data_file)) { - $extension = pathinfo($this->data_file, PATHINFO_EXTENSION); - $new_name = pathinfo($this->name, PATHINFO_FILENAME) . ".$extension"; - if (!empty($extension) && strcmp($this->name, $new_name)) { - $this->name = $new_name; - } - if ($this->is_photo()) { - list ($this->width, $this->height, $this->mime_type, $extension) = - photo::get_file_metadata($this->data_file); - } else if ($this->is_movie()) { - list ($this->width, $this->height, $this->mime_type, $extension) = - movie::get_file_metadata($this->data_file); + try { + $extension = pathinfo($this->data_file, PATHINFO_EXTENSION); + $new_name = pathinfo($this->name, PATHINFO_FILENAME) . ".$extension"; + if (!empty($extension) && strcmp($this->name, $new_name)) { + $this->name = $new_name; + } + if ($this->is_photo()) { + list ($this->width, $this->height, $this->mime_type, $extension) = + photo::get_file_metadata($this->data_file); + } else if ($this->is_movie()) { + list ($this->width, $this->height, $this->mime_type, $extension) = + movie::get_file_metadata($this->data_file); + } + // Data file valid - make sure the flag is reset to false. + $this->data_file_error = false; + } catch (Exception $e) { + // Data file invalid - set the flag so it's reported during item validation. + $this->data_file_error = true; } } 
@@ -524,13 +540,6 @@ class Item_Model_Core extends ORM_MPTT { // Replace the data file, if requested. if ($this->data_file && ($this->is_photo() || $this->is_movie())) { copy($this->data_file, $this->file_path()); - - // Get the width, height and mime type from our data file for photos and movies. - if ($this->is_photo()) { - list ($this->width, $this->height) = photo::get_file_metadata($this->file_path()); - } else if ($this->is_movie()) { - list ($this->width, $this->height) = movie::get_file_metadata($this->file_path()); - } $this->thumb_dirty = 1; $this->resize_dirty = 1; } @@ -966,6 +975,8 @@ class Item_Model_Core extends ORM_MPTT { $v->add_error("name", "bad_data_file_path"); } else if (filesize($this->data_file) == 0) { $v->add_error("name", "empty_data_file"); + } else if ($this->data_file_error) { + $v->add_error("name", "invalid_data_file"); } } diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index a1c5bce6..a93498dd 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php 
@@ -445,13 +445,25 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $photo->set_data_file(MODPATH . "gallery/tests/Item_Model_Test.php"); $photo->save(); } catch (ORM_Validation_Exception $e) { - $this->assert_same(array("mime_type" => "invalid", "name" => "illegal_data_file_extension"), - $e->validation->errors()); + $this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors()); return; // pass } $this->assert_true(false, "Shouldn't get here"); } + public function unsafe_data_file_replacement_with_valid_extension_test() { + $temp_file = TMPPATH . "masquerading_php.jpg"; + copy(MODPATH . "gallery/tests/Item_Model_Test.php", $temp_file); + try { + $photo = test::random_photo(); + $photo->set_data_file($temp_file); + $photo->save(); + } catch (ORM_Validation_Exception $e) { + $this->assert_same(array("name" => "invalid_data_file"), $e->validation->errors()); + return; // pass + } + } + public function urls_test() { $photo = test::random_photo(); $this->assert_true( diff --git a/modules/gallery/tests/Movie_Helper_Test.php b/modules/gallery/tests/Movie_Helper_Test.php index 0c262620..03fa2da9 100644 --- a/modules/gallery/tests/Movie_Helper_Test.php +++ b/modules/gallery/tests/Movie_Helper_Test.php 
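Review bot: `unsafe_data_file_replacement_with_valid_extension_test` passes when no exception is thrown, because nothing follows its `try`/`catch`. The test above it ends with `$this->assert_true(false, "Shouldn't get here");` and this one needs the same line after the catch. A later commit on this page adds it. The copied `masquerading_php.jpg` is also left in `TMPPATH`; whether the test harness clears that directory is not visible here.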
@@ -64,18 +64,42 @@ class Movie_Helper_Test extends Gallery_Unit_Test_Case { public function get_file_metadata_with_no_extension_test() { copy(MODPATH . "gallery/tests/test.flv", TMPPATH . "test_flv_with_no_extension"); - $this->assert_equal(array(360, 288, null, null, 6.00), - movie::get_file_metadata(TMPPATH . "test_flv_with_no_extension")); + // Since mime type and extension are based solely on the filename, this is considered invalid. + try { + $metadata = movie::get_file_metadata(TMPPATH . "test_flv_with_no_extension"); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } } public function get_file_metadata_with_illegal_extension_test() { - $this->assert_equal(array(0, 0, null, null, 0), - movie::get_file_metadata(MODPATH . "gallery/tests/Movie_Helper_Test.php")); + try { + $metadata = movie::get_file_metadata(MODPATH . "gallery/tests/Movie_Helper_Test.php"); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } } public function get_file_metadata_with_illegal_extension_but_valid_file_contents_test() { copy(MODPATH . "gallery/tests/test.flv", TMPPATH . "test_flv_with_php_extension.php"); - $this->assert_equal(array(360, 288, null, null, 6.00), - movie::get_file_metadata(TMPPATH . "test_flv_with_php_extension.php")); + // Since mime type and extension are based solely on the filename, this is considered invalid. + try { + $metadata = movie::get_file_metadata(TMPPATH . "test_flv_with_php_extension.php"); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } + } + + public function get_file_metadata_with_valid_extension_but_illegal_file_contents_test() { + copy(MODPATH . "gallery/tests/Photo_Helper_Test.php", TMPPATH . "test_php_with_flv_extension.flv"); + // Since mime type and extension are based solely on the filename, this is considered valid. + // Of course, FFmpeg cannot extract width, height, or duration from the file. 
Note that this + // isn't a really a security problem, since the filename doesn't have a php extension and + // therefore will never be executed. + $this->assert_equal(array(0, 0, "video/x-flv", "flv", 0), + movie::get_file_metadata(TMPPATH . "test_php_with_flv_extension.flv")); } } diff --git a/modules/gallery/tests/Photo_Helper_Test.php b/modules/gallery/tests/Photo_Helper_Test.php index 5207a6db..79b5ccfd 100644 --- a/modules/gallery/tests/Photo_Helper_Test.php +++ b/modules/gallery/tests/Photo_Helper_Test.php @@ -40,8 +40,12 @@ class Photo_Helper_Test extends Gallery_Unit_Test_Case { } public function get_file_metadata_with_illegal_extension_test() { - $this->assert_equal(array(0, 0, null, null), - photo::get_file_metadata(MODPATH . "gallery/tests/Photo_Helper_Test.php")); + try { + $metadata = photo::get_file_metadata(MODPATH . "gallery/tests/Photo_Helper_Test.php"); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } } public function get_file_metadata_with_illegal_extension_but_valid_file_contents_test() { @@ -53,4 +57,14 @@ class Photo_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_equal(array(1024, 768, "image/jpeg", "jpg"), photo::get_file_metadata(TMPPATH . "test_jpg_with_php_extension.php")); } + + public function get_file_metadata_with_valid_extension_but_illegal_file_contents_test() { + copy(MODPATH . "gallery/tests/Photo_Helper_Test.php", TMPPATH . "test_php_with_jpg_extension.jpg"); + try { + $metadata = photo::get_file_metadata(TMPPATH . "test_php_with_jpg_extension.jpg"); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } + } } diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php index 27c2efc9..59bb7fa9 100644 --- a/modules/watermark/controllers/admin_watermarks.php +++ b/modules/watermark/controllers/admin_watermarks.php 
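Review bot: The new tests put `$this->assert_true(false, "Shouldn't get here");` inside the `try` that is followed by `catch (Exception $e) { // pass }`. If the framework reports a failed assertion by throwing an exception derived from `Exception` (not visible here), that failure is caught and the test passes even when `get_file_metadata` accepts the file. The same shape is used in the Photo_Helper_Test hunks below. Item_Model_Test shows the safe form: `return;` inside the catch and the failing assertion after it. Separately, the comment calling the `.flv`-named PHP file "not really a security problem" holds only while the server never maps that extension to an interpreter and the file is served with a fixed content type.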
@@ -102,18 +102,17 @@ class Admin_Watermarks_Controller extends Admin_Controller { $name = preg_replace("/uploadfile-[^-]+-(.*)/", '$1', $pathinfo["basename"]); $name = legal_file::smash_extensions($name); - list ($width, $height, $mime_type, $extension) = photo::get_file_metadata($file); - if (!$width || !$height || !$mime_type || !$extension || - !legal_file::get_photo_extensions($extension)) { - message::error(t("Invalid or unidentifiable image file")); - @unlink($file); - return; - } else { + try { + list ($width, $height, $mime_type, $extension) = photo::get_file_metadata($file); // Force correct, legal extension type on file, which will be of our canonical type // (i.e. all lowercase, jpg instead of jpeg, etc.). This renaming prevents the issues // addressed in ticket #1855, where an image that looked valid (header said jpg) with a // php extension was previously accepted without changing its extension. $name = legal_file::change_extension($name, $extension); + } catch (Exception $e) { + message::error(t("Invalid or unidentifiable image file")); + @unlink($file); + return; } rename($file, VARPATH . "modules/watermark/$name"); -- cgit v1.2.3 From d04a6fc87d96b70ab0f70414f2ff40d1f1e7f482 Mon Sep 17 00:00:00 2001 
From: shadlaws Date: Tue, 12 Feb 2013 00:37:33 +0100 Subject: #2001 - Make filename sanitizing more consistent. - legal_file - added sanitize_filname() to sanitize photo/movie filenames. - admin_watermarks - revised add() to use new function. - item model - added _process_data_file_info() to validate the data file, get its metadata, and sanitize the item name. - item model - revised save() for new items to use _process_data_file_info *before* the slug is checked. - item model - revised save() for updated items to use _process_data_file_info. - item model - revised save() for updated items to sanitize name if changed. - uploader - removed call to smash_extensions (item model does this when it calls sanitize_filename). - Legal_File_Helper_Test - added unit tests for sanitize_filename. - Item_Model_Test - revised existing unit tests based on changes. - Item_Model_Test - added new unit tests for names with legal but incorrect extensions. - Averted take over by HAL with fix #2001... --- modules/gallery/controllers/uploader.php | 4 - modules/gallery/helpers/legal_file.php | 57 ++++++++++++ modules/gallery/models/item.php | 95 ++++++++++--------- modules/gallery/tests/Item_Model_Test.php | 101 ++++++++++----------- modules/gallery/tests/Legal_File_Helper_Test.php | 44 +++++++++ modules/watermark/controllers/admin_watermarks.php | 9 +- 6 files changed, 202 insertions(+), 108 deletions(-) (limited to 'modules/watermark') diff --git a/modules/gallery/controllers/uploader.php b/modules/gallery/controllers/uploader.php index 55c65c95..78437071 100644 --- a/modules/gallery/controllers/uploader.php +++ b/modules/gallery/controllers/uploader.php 
@@ -63,10 +63,6 @@ class Uploader_Controller extends Controller { $item->parent_id = $album->id; $item->set_data_file($temp_filename); - // Remove double extensions from the filename - they'll be disallowed in the model but if - // we don't do it here then it'll result in a failed upload. - $item->name = legal_file::smash_extensions($item->name); - $path_info = @pathinfo($temp_filename); if (array_key_exists("extension", $path_info) && legal_file::get_movie_extensions($path_info["extension"])) { diff --git a/modules/gallery/helpers/legal_file.php b/modules/gallery/helpers/legal_file.php index ef588ceb..5a852f2b 100644 --- a/modules/gallery/helpers/legal_file.php +++ b/modules/gallery/helpers/legal_file.php 
@@ -250,4 +250,61 @@ class legal_file_Core { $result .= isset($parts["extension"]) ? "{$parts['filename']}.{$parts['extension']}" : $parts["filename"]; return $result; } + + /** + * Sanitize a filename for a given type (given as "photo" or "movie") and a target file format + * (given as an extension). This returns a completely legal and valid filename, + * or throws an exception if the type or extension given is invalid or illegal. It tries to + * maintain the filename's original extension even if it's not identical to the given extension + * (e.g. don't change "JPG" or "jpeg" to "jpg"). + * + * Note: it is not okay if the extension given is legal but does not match the type (e.g. if + * extension is "mp4" and type is "photo", it will throw an exception) + * + * @param string $filename (with no directory) + * @param string $extension (can be uppercase or lowercase) + * @param string $type (as "photo" or "movie") + * @return string sanitized filename (or null if bad extension argument) + */ + static function sanitize_filename($filename, $extension, $type) { + // Check if the type is valid - if so, get the mime types of the + // original and target extensions; if not, throw an exception. + $original_extension = pathinfo($filename, PATHINFO_EXTENSION); + switch ($type) { + case "photo": + $mime_type = legal_file::get_photo_types_by_extension($extension); + $original_mime_type = legal_file::get_photo_types_by_extension($original_extension); + break; + case "movie": + $mime_type = legal_file::get_movie_types_by_extension($extension); + $original_mime_type = legal_file::get_movie_types_by_extension($original_extension); + break; + default: + throw new Exception("@todo INVALID_TYPE"); + } + + // Check if the target extension is blank or invalid - if so, throw an exception. + if (!$extension || !$mime_type) { + throw new Exception("@todo ILLEGAL_EXTENSION"); + } + + // Check if the mime types of the original and target extensions match - if not, fix it. 
+ if (!$original_extension || ($mime_type != $original_mime_type)) { + $filename = legal_file::change_extension($filename, $extension); + } + + // It should be a filename without a directory - remove all slashes (and backslashes). + $filename = str_replace("/", "_", $filename); + $filename = str_replace("\\", "_", $filename); + + // Remove extra dots from the filename. This will also remove extraneous underscores. + $filename = legal_file::smash_extensions($filename); + + // It's possible that the filename has no base (e.g. ".jpg") - if so, give it a generic one. + if (empty($filename) || (substr($filename, 0, 1) == ".")) { + $filename = $type . $filename; // e.g. "photo.jpg" or "movie.mp4" + } + + return $filename; + } } diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 33b8a89d..43b9a292 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -365,6 +365,14 @@ class Item_Model_Core extends ORM_MPTT { $this->weight = item::get_max_weight(); } + // Process the data file info. + if (isset($this->data_file)) { + $this->_process_data_file_info(); + } else if (!$this->is_album()) { + // Unless it's an album, new items must have a data file. + $this->data_file_error = true; + } + // Make an url friendly slug from the name, if necessary if (empty($this->slug)) { $this->slug = item::convert_filename_to_slug(pathinfo($this->name, PATHINFO_FILENAME)); 
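Review bot: The docblock on `sanitize_filename` says `@return string sanitized filename (or null if bad extension argument)`, but the body throws for a bad type or extension and never returns null. It should read `@return string sanitized filename` with `@throws Exception if the type or extension is invalid or illegal`. "Completely legal and valid" also overstates what the body does: it fixes the extension, replaces slashes and backslashes, and collapses dots, while other characters pass through unchanged (the tests in this commit keep quotes, spaces and parentheses). The docblock should say that callers still have to escape the name for the context they use it in.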
@@ -377,31 +385,6 @@ class Item_Model_Core extends ORM_MPTT { } } - // Get the width, height and mime type from our data file for photos and movies. - if ($this->is_photo() || $this->is_movie()) { - try { - if ($this->is_photo()) { - list ($this->width, $this->height, $this->mime_type, $extension) = - photo::get_file_metadata($this->data_file); - } else if ($this->is_movie()) { - list ($this->width, $this->height, $this->mime_type, $extension) = - movie::get_file_metadata($this->data_file); - } - - // Force an extension onto the name if necessary - $pi = pathinfo($this->data_file); - if (empty($pi["extension"])) { - $this->name = "{$this->name}.$extension"; - } - - // Data file valid - make sure the flag is reset to false. - $this->data_file_error = false; - } catch (Exception $e) { - // Data file invalid - set the flag so it's reported during item validation. - $this->data_file_error = true; - } - } - $this->_check_and_fix_conflicts(); parent::save(); 
@@ -439,31 +422,19 @@ class Item_Model_Core extends ORM_MPTT { // keep it around. $original = ORM::factory("item", $this->id); - // Preserve the extension of the data file. Many helpers, (e.g. ImageMagick), assume + // If we have a new data file, process its info. This will get its metadata and + // preserve the extension of the data file. Many helpers, (e.g. ImageMagick), assume // the MIME type from the extension. So when we adopt the new data file, it's important // to adopt the new extension. That ensures that the item's extension is always // appropriate for its data. We don't try to preserve the name of the data file, though, // because the name is typically a temporary randomly-generated name. if (isset($this->data_file)) { - try { - $extension = pathinfo($this->data_file, PATHINFO_EXTENSION); - $new_name = pathinfo($this->name, PATHINFO_FILENAME) . ".$extension"; - if (!empty($extension) && strcmp($this->name, $new_name)) { - $this->name = $new_name; - } - if ($this->is_photo()) { - list ($this->width, $this->height, $this->mime_type, $extension) = - photo::get_file_metadata($this->data_file); - } else if ($this->is_movie()) { - list ($this->width, $this->height, $this->mime_type, $extension) = - movie::get_file_metadata($this->data_file); - } - // Data file valid - make sure the flag is reset to false. - $this->data_file_error = false; - } catch (Exception $e) { - // Data file invalid - set the flag so it's reported during item validation. - $this->data_file_error = true; - } + $this->_process_data_file_info(); + } else if (!$this->is_album() && array_key_exists("name", $this->changed)) { + // There's no new data file, but the name changed. If it's a photo or movie, + // make sure the new name still agrees with the file type. + $this->name = legal_file::sanitize_filename($this->name, + pathinfo($original->name, PATHINFO_EXTENSION), $this->type); } // If an album's cover has changed (or been removed), delete any existing album cover, 
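Review bot: The new rename branch calls `legal_file::sanitize_filename` outside any `try`, and that function throws a plain `Exception` when the extension it is given is blank or illegal. Here the extension comes from `$original->name`, so an existing item whose stored name lacks a legal extension would make `save()` throw instead of producing a validation error. Whether such items can exist is not visible in this diff. `_process_data_file_info()` wraps the same call in a `try`, and this branch would be consistent with it if it did the same and reported the failure through validation. `save()` begins outside the hunk.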
@@ -624,6 +595,40 @@ class Item_Model_Core extends ORM_MPTT { } } + /** + * Process the data file info. Get its metadata and extension. + * If valid, use it to sanitize the item name and update the + * width, height, and mime type. + */ + private function _process_data_file_info() { + try { + if ($this->is_photo()) { + list ($this->width, $this->height, $this->mime_type, $extension) = + photo::get_file_metadata($this->data_file); + } else if ($this->is_movie()) { + list ($this->width, $this->height, $this->mime_type, $extension) = + movie::get_file_metadata($this->data_file); + } else { + // Albums don't have data files. + $this->data_file = null; + return; + } + + // Sanitize the name based on the idenified extension, but only set $this->name if different + // to ensure it isn't unnecessarily marked as "changed" + $name = legal_file::sanitize_filename($this->name, $extension, $this->type); + if ($this->name != $name) { + $this->name = $name; + } + + // Data file valid - make sure the flag is reset to false. + $this->data_file_error = false; + } catch (Exception $e) { + // Data file invalid - set the flag so it's reported during item validation. + $this->data_file_error = true; + } + } + /** * Return the Item_Model representing the cover for this album. * @return Item_Model or null if there's no cover diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index a93498dd..fcb5c2ad 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php 
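Review bot: The docblock for `_process_data_file_info()` describes only the success path. It should also say that nothing is thrown and that any failure, including one raised by `legal_file::sanitize_filename`, sets `data_file_error`, which item validation reports as `invalid_data_file`. Suggested extra line: `On failure no exception escapes; data_file_error is set to true.` The comment inside the method also has a typo, `idenified` for `identified`.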
@@ -126,14 +126,9 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { public function item_rename_wont_accept_slash_test() { $item = test::random_photo(); - try { - $item->name = test::random_name() . "/"; - $item->save(); - } catch (ORM_Validation_Exception $e) { - $this->assert_equal(array("name" => "no_slashes"), $e->validation->errors()); - return; - } - $this->assert_true(false, "Shouldn't get here"); + $item->name = "/no_slashes/allowed/"; + $item->save(); + $this->assert_equal("no_slashes_allowed.jpg", $item->name); } public function move_album_test() { @@ -328,30 +323,17 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { } public function photo_files_must_have_an_extension_test() { - try { - $photo = test::random_photo_unsaved(); - $photo->mime_type = "image/jpeg"; - $photo->name = "no_extension"; - $photo->save(); - } catch (ORM_Validation_Exception $e) { - $this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors()); - return; // pass - } - $this->assert_true(false, "Shouldn't get here"); + $photo = test::random_photo_unsaved(); + $photo->name = "no_extension_photo"; + $photo->save(); + $this->assert_equal("no_extension_photo.jpg", $photo->name); } public function movie_files_must_have_an_extension_test() { - try { - $movie = test::random_movie_unsaved(); - $movie->type = "movie"; - $movie->mime_type = "video/x-flv"; - $movie->name = "no_extension"; - $movie->save(); - } catch (ORM_Validation_Exception $e) { - $this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors()); - return; // pass - } - $this->assert_true(false, "Shouldn't get here"); + $movie = test::random_movie_unsaved(); + $movie->name = "no_extension_movie"; + $movie->save(); + $this->assert_equal("no_extension_movie.flv", $movie->name); } public function cant_delete_root_album_test() { 
@@ -445,7 +427,7 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $photo->set_data_file(MODPATH . "gallery/tests/Item_Model_Test.php"); $photo->save(); } catch (ORM_Validation_Exception $e) { - $this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors()); + $this->assert_same(array("name" => "invalid_data_file"), $e->validation->errors()); return; // pass } $this->assert_true(false, "Shouldn't get here"); @@ -462,6 +444,7 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $this->assert_same(array("name" => "invalid_data_file"), $e->validation->errors()); return; // pass } + $this->assert_true(false, "Shouldn't get here"); } public function urls_test() { 
@@ -493,43 +476,55 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $album->thumb_url() . " is malformed"); } - public function legal_extension_test() { - foreach (array("test.gif", "test.GIF", "test.Gif", "test.jpeg", "test.JPG") as $name) { + public function legal_extension_that_does_match_gets_used_test() { + foreach (array("jpg", "JPG", "Jpg", "jpeg") as $extension) { $photo = test::random_photo_unsaved(item::root()); - $photo->name = $name; + $photo->name = test::random_name() . ".{$extension}"; $photo->save(); + // Should get renamed with the correct jpg extension of the data file. + $this->assert_equal($extension, pathinfo($photo->name, PATHINFO_EXTENSION)); } } public function illegal_extension_test() { foreach (array("test.php", "test.PHP", "test.php5", "test.php4", "test.pl", "test.php.png") as $name) { - try { - $photo = test::random_photo_unsaved(item::root()); - $photo->name = $name; - $photo->save(); - } catch (ORM_Validation_Exception $e) { - $this->assert_equal(array("name" => "illegal_data_file_extension"), - $e->validation->errors()); - continue; - } - $this->assert_true(false, "Shouldn't get here"); + $photo = test::random_photo_unsaved(item::root()); + $photo->name = $name; + $photo->save(); + // Should get renamed with the correct jpg extension of the data file. 
+ $this->assert_equal("jpg", pathinfo($photo->name, PATHINFO_EXTENSION)); } } public function cant_rename_to_illegal_extension_test() { foreach (array("test.php.test", "test.php", "test.PHP", "test.php5", "test.php4", "test.pl") as $name) { - try { - $photo = test::random_photo(item::root()); - $photo->name = $name; - $photo->save(); - } catch (ORM_Validation_Exception $e) { - $this->assert_equal(array("name" => "illegal_data_file_extension"), - $e->validation->errors()); - continue; - } - $this->assert_true(false, "Shouldn't get here"); + $photo = test::random_photo(item::root()); + $photo->name = $name; + $photo->save(); + // Should get renamed with the correct jpg extension of the data file. + $this->assert_equal("jpg", pathinfo($photo->name, PATHINFO_EXTENSION)); + } + } + + public function legal_extension_that_doesnt_match_gets_fixed_test() { + foreach (array("test.png", "test.mp4", "test.GIF") as $name) { + $photo = test::random_photo_unsaved(item::root()); + $photo->name = $name; + $photo->save(); + // Should get renamed with the correct jpg extension of the data file. + $this->assert_equal("jpg", pathinfo($photo->name, PATHINFO_EXTENSION)); + } + } + + public function rename_to_legal_extension_that_doesnt_match_gets_fixed_test() { + foreach (array("test.png", "test.mp4", "test.GIF") as $name) { + $photo = test::random_photo(item::root()); + $photo->name = $name; + $photo->save(); + // Should get renamed with the correct jpg extension of the data file. + $this->assert_equal("jpg", pathinfo($photo->name, PATHINFO_EXTENSION)); } } diff --git a/modules/gallery/tests/Legal_File_Helper_Test.php b/modules/gallery/tests/Legal_File_Helper_Test.php index 203d5616..7ed5214b 100644 --- a/modules/gallery/tests/Legal_File_Helper_Test.php +++ b/modules/gallery/tests/Legal_File_Helper_Test.php 
@@ -150,4 +150,48 @@ class Legal_File_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_equal("", legal_file::smash_extensions("")); $this->assert_equal(null, legal_file::smash_extensions(null)); } + + public function sanitize_filename_with_no_rename_test() { + $this->assert_equal("foo.jpeg", legal_file::sanitize_filename("foo.jpeg", "jpg", "photo")); + $this->assert_equal("foo.jpg", legal_file::sanitize_filename("foo.jpg", "jpeg", "photo")); + $this->assert_equal("foo.MP4", legal_file::sanitize_filename("foo.MP4", "mp4", "movie")); + $this->assert_equal("foo.mp4", legal_file::sanitize_filename("foo.mp4", "MP4", "movie")); + } + + public function sanitize_filename_with_corrected_extension_test() { + $this->assert_equal("foo.jpg", legal_file::sanitize_filename("foo.png", "jpg", "photo")); + $this->assert_equal("foo.MP4", legal_file::sanitize_filename("foo.jpg", "MP4", "movie")); + $this->assert_equal("foo.jpg", legal_file::sanitize_filename("foo.php", "jpg", "photo")); + } + + public function sanitize_filename_with_non_standard_chars_and_dots_test() { + $this->assert_equal("foo.jpg", legal_file::sanitize_filename("foo", "jpg", "photo")); + $this->assert_equal("foo.mp4", legal_file::sanitize_filename("foo.", "mp4", "movie")); + $this->assert_equal("foo.jpeg", legal_file::sanitize_filename(".foo.jpeg", "jpg", "photo")); + $this->assert_equal("foo_2013_02_10.jpeg", + legal_file::sanitize_filename("foo.2013/02/10.jpeg", "jpg", "photo")); + $this->assert_equal("foo_bar_baz.jpg", + legal_file::sanitize_filename("...foo...bar..baz...png", "jpg", "photo")); + $this->assert_equal("j'écris@un#nom_bizarre(mais quand_même_ça_passe.jpg", + legal_file::sanitize_filename("/j'écris@un#nom/bizarre(mais quand.même/ça_passe.\$ÇÀ@€#_", "jpg", "photo")); + } + + public function sanitize_filename_with_no_base_name_test() { + $this->assert_equal("photo.jpg", legal_file::sanitize_filename(".png", "jpg", "photo")); + $this->assert_equal("movie.mp4", 
legal_file::sanitize_filename("__..__", "mp4", "movie")); + $this->assert_equal("photo.jpg", legal_file::sanitize_filename(".", "jpg", "photo")); + $this->assert_equal("movie.mp4", legal_file::sanitize_filename(null, "mp4", "movie")); + } + + public function sanitize_filename_with_invalid_arguments_test() { + foreach (array("flv" => "photo", "jpg" => "movie", "php" => "photo", + null => "movie", "jpg" => "album", "jpg" => null) as $extension => $type) { + try { + legal_file::sanitize_filename("foo.jpg", $extension, $type); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } + } + } } \ No newline at end of file diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php index 59bb7fa9..b058d6a5 100644 --- a/modules/watermark/controllers/admin_watermarks.php +++ b/modules/watermark/controllers/admin_watermarks.php 
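Review bot: The array literal in `sanitize_filename_with_invalid_arguments_test` repeats the key `"jpg"` three times, and PHP keeps only the last value for a duplicate key, so the `jpg`/`movie` and `jpg`/`album` cases are never run (and the `null` key is cast to `""`). The `assert_true(false, ...)` call also sits inside the `try` with a `catch (Exception $e)`; if the test framework reports a failed assertion by throwing, which the page does not show, the failure would be swallowed and the test could never fail. A list of extension/type pairs with the failure assertion moved after the `try` covers every case; a sketch follows.

```php
  public function sanitize_filename_with_invalid_arguments_test() {
    // Pairs instead of a keyed array, so repeated extensions are all exercised.
    foreach (array(array("flv", "photo"), array("jpg", "movie"), array("php", "photo"),
                   array(null, "movie"), array("jpg", "album"), array("jpg", null)) as $case) {
      list ($extension, $type) = $case;
      try {
        legal_file::sanitize_filename("foo.jpg", $extension, $type);
      } catch (Exception $e) {
        continue;
      }
      $this->assert_true(false, "Shouldn't get here");
    }
  }
```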
@@ -97,18 +97,15 @@ class Admin_Watermarks_Controller extends Admin_Controller { // validation logic will correctly reject it. So, we skip validation when we're running tests. if (TEST_MODE || $form->validate()) { $file = $_POST["file"]; - $pathinfo = pathinfo($file); // Forge prefixes files with "uploadfile-xxxxxxx" for uniqueness - $name = preg_replace("/uploadfile-[^-]+-(.*)/", '$1', $pathinfo["basename"]); - $name = legal_file::smash_extensions($name); + $name = preg_replace("/uploadfile-[^-]+-(.*)/", '$1', basename($file)); try { list ($width, $height, $mime_type, $extension) = photo::get_file_metadata($file); - // Force correct, legal extension type on file, which will be of our canonical type - // (i.e. all lowercase, jpg instead of jpeg, etc.). This renaming prevents the issues + // Sanitize filename, which ensures a valid extension. This renaming prevents the issues // addressed in ticket #1855, where an image that looked valid (header said jpg) with a // php extension was previously accepted without changing its extension. - $name = legal_file::change_extension($name, $extension); + $name = legal_file::sanitize_filename($name, $extension, "photo"); } catch (Exception $e) { message::error(t("Invalid or unidentifiable image file")); @unlink($file); -- cgit v1.2.3
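Review bot: The rewritten comment above `legal_file::sanitize_filename($name, $extension, "photo")` no longer says what happens to multi-dot names, although this hunk removes the `legal_file::smash_extensions($name)` call that used to handle them. The helper tests in this commit suggest `sanitize_filename` collapses interior dots itself (`...foo...bar..baz...png` becomes `foo_bar_baz.jpg`), so the comment should say so, for example `// sanitize_filename also collapses interior dots, replacing the earlier smash_extensions() call.` The enclosing method starts and ends outside the hunk.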