From d66c496fb1007bbd0b1640496808000c573d95fd Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 25 Jun 2010 06:45:09 -0700 Subject: Change the theme option page to display using tabs if the site theme has an admin page. --- modules/gallery/helpers/theme.php | 5 ++-- modules/gallery/views/admin_theme_options.html.php | 31 ++++++++++++++++++++++ 2 files changed, 34 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/theme.php b/modules/gallery/helpers/theme.php index 980ee11a..a390645f 100644 --- a/modules/gallery/helpers/theme.php +++ b/modules/gallery/helpers/theme.php @@ -70,7 +70,7 @@ class theme_Core { static function get_edit_form_admin() { $form = new Forge("admin/theme_options/save/", "", null, array("id" =>"g-theme-options-form")); - $group = $form->group("edit_theme"); + $group = $form->group("edit_theme")->label(t("Theme Layout")); $group->input("page_size")->label(t("Items per page"))->id("g-page-size") ->rules("required|valid_digit") ->error_messages("required", t("You must enter a number")) @@ -95,7 +95,8 @@ class theme_Core { module::event("theme_edit_form", $form); - $group = $form->group("buttons"); + $group = $form->group("buttons") + ->set_attr("style","border: none"); $group->submit("")->value(t("Save")); return $form; } diff --git a/modules/gallery/views/admin_theme_options.html.php b/modules/gallery/views/admin_theme_options.html.php index a4bf1c4e..2cf97713 100644 --- a/modules/gallery/views/admin_theme_options.html.php +++ b/modules/gallery/views/admin_theme_options.html.php @@ -1,4 +1,35 @@ + +

-- cgit v1.2.3 From 8bc7eec60f8be5219bed64d95cf7e6efb85941f1 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 25 Jun 2010 09:56:44 -0700 Subject: Add a

title saying that this is a preview. --- modules/gallery/views/admin_themes_preview.html.php | 1 + 1 file changed, 1 insertion(+) (limited to 'modules') diff --git a/modules/gallery/views/admin_themes_preview.html.php b/modules/gallery/views/admin_themes_preview.html.php index a7aea172..80a6158b 100644 --- a/modules/gallery/views/admin_themes_preview.html.php +++ b/modules/gallery/views/admin_themes_preview.html.php @@ -1,4 +1,5 @@ +

$info->name)) ?>

"> %theme_name", array("theme_name" => $info->name)) ?> -- cgit v1.2.3 From e380f19ee29ee1f524aee2d4ebbf4c49f120fb19 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 25 Jun 2010 10:17:06 -0700 Subject: Fix an issue where a preview of the admin view would not work. --- modules/gallery/helpers/theme.php | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'modules') diff --git a/modules/gallery/helpers/theme.php b/modules/gallery/helpers/theme.php index a390645f..4730d296 100644 --- a/modules/gallery/helpers/theme.php +++ b/modules/gallery/helpers/theme.php @@ -53,6 +53,15 @@ class theme_Core { if (file_exists(THEMEPATH . self::$site_theme_name . "/admin")) { array_unshift($modules, THEMEPATH . self::$site_theme_name . "/admin"); } + // Admins can override the site theme, temporarily. This lets us preview themes. + if (identity::active_user()->admin && $override = $input->get("theme")) { + if (file_exists(THEMEPATH . $override)) { + self::$admin_theme_name = $override; + } else { + Kohana_Log::add("error", "Missing override theme: '$override'"); + } + } + array_unshift($modules, THEMEPATH . self::$admin_theme_name); } else { // Admins can override the site theme, temporarily. This lets us preview themes. if (identity::active_user()->admin && $override = $input->get("theme")) { -- cgit v1.2.3 From 8ecf28d3efa258d790d6cb31947407deb7149797 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 25 Jun 2010 10:23:11 -0700 Subject: Better fix for the problem that a preview of an admin theme was not showing up. --- modules/gallery/helpers/theme.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/helpers/theme.php b/modules/gallery/helpers/theme.php index 4730d296..419d986f 100644 --- a/modules/gallery/helpers/theme.php +++ b/modules/gallery/helpers/theme.php @@ -57,11 +57,11 @@ class theme_Core { if (identity::active_user()->admin && $override = $input->get("theme")) { if (file_exists(THEMEPATH . $override)) { self::$admin_theme_name = $override; + array_unshift($modules, THEMEPATH . self::$admin_theme_name); } else { Kohana_Log::add("error", "Missing override theme: '$override'"); } } - array_unshift($modules, THEMEPATH . self::$admin_theme_name); } else { // Admins can override the site theme, temporarily. This lets us preview themes. if (identity::active_user()->admin && $override = $input->get("theme")) { -- cgit v1.2.3 From 6b619e1098d770670b50553564b96bacec4a3f0c Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 26 Jun 2010 12:00:14 -0700 Subject: Differentiate in our logs between missing site and admin theme overrides. --- modules/gallery/helpers/theme.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/theme.php b/modules/gallery/helpers/theme.php index 419d986f..c2980149 100644 --- a/modules/gallery/helpers/theme.php +++ b/modules/gallery/helpers/theme.php @@ -59,7 +59,7 @@ class theme_Core { self::$admin_theme_name = $override; array_unshift($modules, THEMEPATH . self::$admin_theme_name); } else { - Kohana_Log::add("error", "Missing override theme: '$override'"); + Kohana_Log::add("error", "Missing override admin theme: '$override'"); } } } else { @@ -68,7 +68,7 @@ class theme_Core { if (file_exists(THEMEPATH . $override)) { self::$site_theme_name = $override; } else { - Kohana_Log::add("error", "Missing override theme: '$override'"); + Kohana_Log::add("error", "Missing override site theme: '$override'"); } } array_unshift($modules, THEMEPATH . self::$site_theme_name); -- cgit v1.2.3 From 5767971f433ca22f152fb348901d2f4336913038 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 26 Jun 2010 12:00:55 -0700 Subject: Sentence casing. --- modules/gallery/helpers/theme.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/helpers/theme.php b/modules/gallery/helpers/theme.php index c2980149..3589a5b7 100644 --- a/modules/gallery/helpers/theme.php +++ b/modules/gallery/helpers/theme.php @@ -79,7 +79,7 @@ class theme_Core { static function get_edit_form_admin() { $form = new Forge("admin/theme_options/save/", "", null, array("id" =>"g-theme-options-form")); - $group = $form->group("edit_theme")->label(t("Theme Layout")); + $group = $form->group("edit_theme")->label(t("Theme layout")); $group->input("page_size")->label(t("Items per page"))->id("g-page-size") ->rules("required|valid_digit") ->error_messages("required", t("You must enter a number")) -- cgit v1.2.3 From e5ae2c91bc58518c977afdc134d5a59cb7ed9b71 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 26 Jun 2010 12:14:02 -0700 Subject: Style cleanup. --- modules/gallery/views/admin_theme_options.html.php | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'modules') diff --git a/modules/gallery/views/admin_theme_options.html.php b/modules/gallery/views/admin_theme_options.html.php index 2cf97713..b4a90682 100644 --- a/modules/gallery/views/admin_theme_options.html.php +++ b/modules/gallery/views/admin_theme_options.html.php @@ -10,17 +10,17 @@ var text = $("legend", this).text(); var tabId = "tab_" + index; var tabContentId = "tab_content_" + index; - console.log(tabId+": text='"+text+"'"); if (text == "") { text = for_js() ?> + index; } - $(".tabnav").append("

  • "+text+"
    • "); - $("#g-theme-options-form-tabs").append("
    "); - + $(".tabnav").append( + "
  • " + text + "
    • "); + $("#g-theme-options-form-tabs").append( + "
    "); if ($("li.g-error", this).length > 0) { - $("#"+tabId).addClass("g-error"); + $("#" + tabId).addClass("g-error"); } - $("#"+tabContentId).append($("ul", this)); + $("#" + tabContentId).append($("ul", this)); $(this).remove(); }); $("#g-theme-options-form-tabs").tabs({}); @@ -31,8 +31,7 @@
    -

    - +

    -- cgit v1.2.3 From 5335e4c0b4bffeeeb8667ed706b5e8702de00ce9 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 27 Jun 2010 11:25:31 -0700 Subject: Fix the autocomplete callback in item_edit_form(). We were incorrectly matching the form input in the jQuery selector. Did this ever work? Fixes ticket #1168 --- modules/tag/helpers/tag_event.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/tag/helpers/tag_event.php b/modules/tag/helpers/tag_event.php index a790b930..1a593d3f 100644 --- a/modules/tag/helpers/tag_event.php +++ b/modules/tag/helpers/tag_event.php @@ -67,8 +67,8 @@ class tag_event_Core { static function item_edit_form($item, $form) { $url = url::site("tags/autocomplete"); $form->script("") - ->text("$('form input[id=tags]').ready(function() { - $('form input[id=tags]').autocomplete( + ->text("$('form input[name=tags]').ready(function() { + $('form input[name=tags]').autocomplete( '$url', {max: 30, multiple: true, multipleSeparator: ',', cacheLength: 1}); });"); -- cgit v1.2.3 From f75ce45b6b6b848840d9a1688ca382a49de4f338 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 27 Jun 2010 12:14:56 -0700 Subject: When detecting encodings, give priority to ISO-8859-1 which seems to solve the umlaut problem in IPTC data. Fixes ticket #1144. --- modules/exif/helpers/exif.php | 6 ++++-- modules/tag/helpers/tag_event.php | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/exif/helpers/exif.php b/modules/exif/helpers/exif.php index 943feba7..aa77b42e 100644 --- a/modules/exif/helpers/exif.php +++ b/modules/exif/helpers/exif.php @@ -36,7 +36,8 @@ class exif_Core { foreach(self::_keys() as $field => $exifvar) { if (isset($exif_raw[$exifvar[0]][$exifvar[1]])) { $value = $exif_raw[$exifvar[0]][$exifvar[1]]; - if (function_exists("mb_detect_encoding") && mb_detect_encoding($value) != "UTF-8") { + if (function_exists("mb_detect_encoding") && + mb_detect_encoding($value, "ISO-8859-1, UTF-8") != "UTF-8") { $value = utf8_encode($value); } $keys[$field] = Input::clean($value); @@ -59,7 +60,8 @@ class exif_Core { foreach (array("Keywords" => "2#025", "Caption" => "2#120") as $keyword => $iptc_key) { if (!empty($iptc[$iptc_key])) { $value = implode(" ", $iptc[$iptc_key]); - if (function_exists("mb_detect_encoding") && mb_detect_encoding($value) != "UTF-8") { + if (function_exists("mb_detect_encoding") && + mb_detect_encoding($value, "ISO-8859-1, UTF-8") != "UTF-8") { $value = utf8_encode($value); } $keys[$keyword] = Input::clean($value); diff --git a/modules/tag/helpers/tag_event.php b/modules/tag/helpers/tag_event.php index 1a593d3f..7fe9fba3 100644 --- a/modules/tag/helpers/tag_event.php +++ b/modules/tag/helpers/tag_event.php @@ -36,7 +36,8 @@ class tag_event_Core { $tag = str_replace("\0", "", $tag); foreach (explode(",", $tag) as $word) { $word = trim($word); - if (function_exists("mb_detect_encoding") && mb_detect_encoding($word) != "UTF-8") { + if (function_exists("mb_detect_encoding") && + mb_detect_encoding($word, "ISO-8859-1, UTF-8") != "UTF-8") { $word = utf8_encode($word); } $tags[$word] = 1; -- cgit v1.2.3 From 3feb561054a735e6959e894eb568aa386426bb65 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 3 Jul 2010 11:40:56 -0700 Subject: Internationalize the "Gallery 2 path saved." message and remove the trailing period. Fixes ticket #1171. --- modules/g2_import/controllers/admin_g2_import.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/g2_import/controllers/admin_g2_import.php b/modules/g2_import/controllers/admin_g2_import.php index cc60f757..b9427f79 100644 --- a/modules/g2_import/controllers/admin_g2_import.php +++ b/modules/g2_import/controllers/admin_g2_import.php @@ -60,7 +60,7 @@ class Admin_g2_import_Controller extends Admin_Controller { } if (g2_import::is_valid_embed_path($embed_path)) { - message::success("Gallery 2 path saved."); + message::success(t("Gallery 2 path saved")); module::set_var("g2_import", "embed_path", $embed_path); url::redirect("admin/g2_import"); } else { -- cgit v1.2.3 From 0d424a635d12eee59d2080fa7ffa32a248b0fd5c Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 3 Jul 2010 14:25:33 -0700 Subject: When we delete an item, make sure that we scrub it from any other items that may have it in the album_cover_item_id column. Fixes ticket #1172. --- modules/gallery/helpers/gallery_event.php | 9 +++++++++ modules/gallery/tests/Item_Helper_Test.php | 7 +++++-- 2 files changed, 14 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 82f42d98..40ea50fa 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -98,6 +98,15 @@ class gallery_event_Core { static function item_deleted($item) { access::delete_item($item); + // Find any other albums that had the deleted item as the album cover and null it out. + // In some cases this may leave us with a missing album cover up in this item's parent + // hierarchy, but in most cases it'll work out fine. + foreach (ORM::factory("item") + ->where("album_cover_item_id", "=", $item->id) + ->find_all() as $parent) { + item::remove_album_cover($parent); + } + $parent = $item->parent(); if (!$parent->album_cover_item_id) { // Assume we deleted the album cover and pick a new one. Choosing the first photo in the diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index 00229973..eb2458cb 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php @@ -111,15 +111,18 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_not_same($rand, $photo2->slug); } - public function delete_cover_photo_picks_new_album_cover() { - $album = test::random_album(); + public function delete_cover_photo_picks_new_album_cover_test() { + $parent = test::random_album(); + $album = test::random_album($parent); $photo1 = test::random_photo($album); // At this point, $photo1 is the album cover. We verify this in // Item_Model_Test::first_photo_becomes_album_cover $photo2 = test::random_photo($album); $photo1->delete(); $album->reload(); + $parent->reload(); $this->assert_same($photo2->id, $album->album_cover_item_id); + $this->assert_same($photo2->id, $parent->album_cover_item_id); } } -- cgit v1.2.3 From 60126adc7e73ec6e70ee5033abf5032ac6b88305 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 4 Jul 2010 20:40:50 -0700 Subject: In the site menu, say "Delete album", "Delete photo" or "Delete movie" as appropriate for the item type. Fixes ticket #1175. --- modules/gallery/helpers/gallery_event.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 40ea50fa..272fd205 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -228,14 +228,17 @@ class gallery_event_Core { case "album": $option_text = t("Album options"); $edit_text = t("Edit album"); + $delete_text = t("Delete album"); break; case "movie": $option_text = t("Movie options"); $edit_text = t("Edit movie"); + $delete_text = t("Delete movie"); break; default: $option_text = t("Photo options"); $edit_text = t("Edit photo"); + $delete_text = t("Delete photo"); } $menu->append($options_menu = Menu::factory("submenu") @@ -309,7 +312,7 @@ class gallery_event_Core { ->append( Menu::factory("dialog") ->id("delete") - ->label(t("Delete this photo")) + ->label($delete_text) ->css_class("ui-icon-trash") ->css_class("g-quick-delete") ->url(url::site("quick/form_delete/$item->id?csrf=$csrf&from_id=$theme_item->id&page_type=$page_type"))); -- cgit v1.2.3 From e4d397d30118a3d673b146c44ed329efa08bbefe Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 5 Jul 2010 08:21:14 -0700 Subject: Make the trailing slash on the url optional. Sometimes it is not there, so the regex doesn't match --- modules/gallery/config/routes.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/config/routes.php b/modules/gallery/config/routes.php index 55d3cf6c..e1ea9612 100644 --- a/modules/gallery/config/routes.php +++ b/modules/gallery/config/routes.php @@ -23,10 +23,10 @@ $config["^admin_.*"] = null; // Redirect /form/add/admin/controller and /form/edit/admin/controller to // admin/controller/form_(add|edit)/parms. provides the same as below for admin pages -$config["^form/(edit|add)/admin/(\w+)/(.*)$"] = "admin/$2/form_$1/$3"; +$config["^form/(edit|add)/admin/(\w+)/?(.*)$"] = "admin/$2/form_$1/$3"; // Redirect /form/add and /form/edit to the module/form_(add|edit)/parms. -$config["^form/(edit|add)/(\w+)/(.*)$"] = "$2/form_$1/$3"; +$config["^form/(edit|add)/(\w+)/?(.*)$"] = "$2/form_$1/$3"; // Default page is the root album $config["_default"] = "albums"; -- cgit v1.2.3 From 8493a3d36f597e183490ae880b35a3d98f50a045 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 5 Jul 2010 08:23:17 -0700 Subject: If the admin request originates as a dialog link, don't display the entire page when reauthenticating the administrator. Just put the form in the dialog. --- lib/gallery.dialog.js | 3 ++- modules/gallery/controllers/admin.php | 11 ++++++-- modules/gallery/controllers/reauthenticate.php | 20 ++------------ modules/gallery/helpers/reauthenticate.php | 36 ++++++++++++++++++++++++++ 4 files changed, 49 insertions(+), 21 deletions(-) create mode 100644 modules/gallery/helpers/reauthenticate.php (limited to 'modules') diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js index 6ec8c634..dd1a5663 100644 --- a/lib/gallery.dialog.js +++ b/lib/gallery.dialog.js @@ -26,7 +26,8 @@ $("#g-dialog").gallery_show_loading(); - $.get(sHref, function(data) { + var url = sHref + (sHref.indexOf("?") == -1 ? "?" : "&") + "g-in-dialog"; + $.get(url, function(data) { $("#g-dialog").html(data).gallery_show_loading(); if ($("#g-dialog form").length) { diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index c460f58c..d9bee284 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -38,7 +38,8 @@ class Admin_Controller extends Controller { return self::_reauth_check(); } if (auth::must_reauth_for_admin_area()) { - return self::_prompt_for_reauth($controller_name, $args); + print self::_prompt_for_reauth($controller_name, $args); + return; } if (request::method() == "post") { @@ -85,7 +86,13 @@ class Admin_Controller extends Controller { // Avoid anti-phishing protection by passing the url as session variable. Session::instance()->set("continue_url", url::abs_current(true)); } - url::redirect("reauthenticate"); + + // Check that we we not in a dialog. If we are, then use an ajax response. + if (strpos(Router::$query_string, "g-in-dialog") === false) { + url::redirect("reauthenticate"); + } else { + return reauthenticate::get_authenticate_form(); + } } } diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index acb27f6a..9ddaff2e 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -22,7 +22,7 @@ class Reauthenticate_Controller extends Controller { if (!identity::active_user()->admin) { access::forbidden(); } - return self::_show_form(self::_form()); + return self::_show_form(reauthenticate::get_authenticate_form()); } public function auth() { @@ -31,7 +31,7 @@ class Reauthenticate_Controller extends Controller { } access::verify_csrf(); - $form = self::_form(); + $form = reauthenticate::get_authenticate_form(); $valid = $form->validate(); $user = identity::active_user(); if ($valid) { @@ -54,20 +54,4 @@ class Reauthenticate_Controller extends Controller { $view->content->user_name = identity::active_user()->name; print $view; } - - private static function _form() { - $form = new Forge("reauthenticate/auth", "", "post", array("id" => "g-reauthenticate-form")); - $form->set_attr('class', "g-narrow"); - $form->hidden("continue_url")->value(Session::instance()->get("continue_url", "admin")); - $group = $form->group("reauthenticate")->label(t("Re-authenticate")); - $group->password("password")->label(t("Password"))->id("g-password")->class(null) - ->callback("auth::validate_too_many_failed_auth_attempts") - ->callback("user::valid_password") - ->error_messages("invalid_password", t("Incorrect password")) - ->error_messages( - "too_many_failed_auth_attempts", - t("Too many incorrect passwords. Try again later")); - $group->submit("")->value(t("Submit")); - return $form; - } } diff --git a/modules/gallery/helpers/reauthenticate.php b/modules/gallery/helpers/reauthenticate.php new file mode 100644 index 00000000..1ad90e15 --- /dev/null +++ b/modules/gallery/helpers/reauthenticate.php @@ -0,0 +1,36 @@ + "g-reauthenticate-form")); + $form->set_attr('class', "g-narrow"); + $form->hidden("continue_url")->value(Session::instance()->get("continue_url", "admin")); + $group = $form->group("reauthenticate")->label(t("Re-authenticate")); + $group->password("password")->label(t("Password"))->id("g-password")->class(null) + ->callback("auth::validate_too_many_failed_auth_attempts") + ->callback("user::valid_password") + ->error_messages("invalid_password", t("Incorrect password")) + ->error_messages( + "too_many_failed_auth_attempts", + t("Too many incorrect passwords. Try again later")); + $group->submit("")->value(t("Submit")); + return $form; + } +} -- cgit v1.2.3 From 45b210c2879d93067f3d903b83cd56d392c75156 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 5 Jul 2010 08:44:46 -0700 Subject: Add maessage when we automatically log you out of the admin area. --- modules/gallery/controllers/admin.php | 1 + 1 file changed, 1 insertion(+) (limited to 'modules') diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index c460f58c..40dd260b 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -74,6 +74,7 @@ class Admin_Controller extends Controller { $result = new stdClass(); $result->result = "success"; if ($time_remaining < 30) { + message::success(t("Automatically logged out of the admin area for your security")); $result->location = url::abs_site(""); } -- cgit v1.2.3 From 226d1f714635995722fe7927f8ec049fe3890011 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 5 Jul 2010 08:58:36 -0700 Subject: Revert "If the admin request originates as a dialog link, don't display the entire page when reauthenticating the administrator. Just put the form in the dialog." This reverts commit 8493a3d36f597e183490ae880b35a3d98f50a045. --- lib/gallery.dialog.js | 3 +-- modules/gallery/controllers/admin.php | 11 ++------ modules/gallery/controllers/reauthenticate.php | 20 ++++++++++++-- modules/gallery/helpers/reauthenticate.php | 36 -------------------------- 4 files changed, 21 insertions(+), 49 deletions(-) delete mode 100644 modules/gallery/helpers/reauthenticate.php (limited to 'modules') diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js index dd1a5663..6ec8c634 100644 --- a/lib/gallery.dialog.js +++ b/lib/gallery.dialog.js @@ -26,8 +26,7 @@ $("#g-dialog").gallery_show_loading(); - var url = sHref + (sHref.indexOf("?") == -1 ? "?" : "&") + "g-in-dialog"; - $.get(url, function(data) { + $.get(sHref, function(data) { $("#g-dialog").html(data).gallery_show_loading(); if ($("#g-dialog form").length) { diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index d9bee284..c460f58c 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -38,8 +38,7 @@ class Admin_Controller extends Controller { return self::_reauth_check(); } if (auth::must_reauth_for_admin_area()) { - print self::_prompt_for_reauth($controller_name, $args); - return; + return self::_prompt_for_reauth($controller_name, $args); } if (request::method() == "post") { @@ -86,13 +85,7 @@ class Admin_Controller extends Controller { // Avoid anti-phishing protection by passing the url as session variable. Session::instance()->set("continue_url", url::abs_current(true)); } - - // Check that we we not in a dialog. If we are, then use an ajax response. - if (strpos(Router::$query_string, "g-in-dialog") === false) { - url::redirect("reauthenticate"); - } else { - return reauthenticate::get_authenticate_form(); - } + url::redirect("reauthenticate"); } } diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index 9ddaff2e..acb27f6a 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -22,7 +22,7 @@ class Reauthenticate_Controller extends Controller { if (!identity::active_user()->admin) { access::forbidden(); } - return self::_show_form(reauthenticate::get_authenticate_form()); + return self::_show_form(self::_form()); } public function auth() { @@ -31,7 +31,7 @@ class Reauthenticate_Controller extends Controller { } access::verify_csrf(); - $form = reauthenticate::get_authenticate_form(); + $form = self::_form(); $valid = $form->validate(); $user = identity::active_user(); if ($valid) { @@ -54,4 +54,20 @@ class Reauthenticate_Controller extends Controller { $view->content->user_name = identity::active_user()->name; print $view; } + + private static function _form() { + $form = new Forge("reauthenticate/auth", "", "post", array("id" => "g-reauthenticate-form")); + $form->set_attr('class', "g-narrow"); + $form->hidden("continue_url")->value(Session::instance()->get("continue_url", "admin")); + $group = $form->group("reauthenticate")->label(t("Re-authenticate")); + $group->password("password")->label(t("Password"))->id("g-password")->class(null) + ->callback("auth::validate_too_many_failed_auth_attempts") + ->callback("user::valid_password") + ->error_messages("invalid_password", t("Incorrect password")) + ->error_messages( + "too_many_failed_auth_attempts", + t("Too many incorrect passwords. Try again later")); + $group->submit("")->value(t("Submit")); + return $form; + } } diff --git a/modules/gallery/helpers/reauthenticate.php b/modules/gallery/helpers/reauthenticate.php deleted file mode 100644 index 1ad90e15..00000000 --- a/modules/gallery/helpers/reauthenticate.php +++ /dev/null @@ -1,36 +0,0 @@ - "g-reauthenticate-form")); - $form->set_attr('class', "g-narrow"); - $form->hidden("continue_url")->value(Session::instance()->get("continue_url", "admin")); - $group = $form->group("reauthenticate")->label(t("Re-authenticate")); - $group->password("password")->label(t("Password"))->id("g-password")->class(null) - ->callback("auth::validate_too_many_failed_auth_attempts") - ->callback("user::valid_password") - ->error_messages("invalid_password", t("Incorrect password")) - ->error_messages( - "too_many_failed_auth_attempts", - t("Too many incorrect passwords. Try again later")); - $group->submit("")->value(t("Submit")); - return $form; - } -} -- cgit v1.2.3 From 67223fc43d1cfd5f33d4fc007935eaadb79a112e Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 5 Jul 2010 08:59:08 -0700 Subject: Revert "Make the trailing slash on the url optional. Sometimes it is not there, so the regex doesn't match" This reverts commit e4d397d30118a3d673b146c44ed329efa08bbefe. --- modules/gallery/config/routes.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/config/routes.php b/modules/gallery/config/routes.php index e1ea9612..55d3cf6c 100644 --- a/modules/gallery/config/routes.php +++ b/modules/gallery/config/routes.php @@ -23,10 +23,10 @@ $config["^admin_.*"] = null; // Redirect /form/add/admin/controller and /form/edit/admin/controller to // admin/controller/form_(add|edit)/parms. provides the same as below for admin pages -$config["^form/(edit|add)/admin/(\w+)/?(.*)$"] = "admin/$2/form_$1/$3"; +$config["^form/(edit|add)/admin/(\w+)/(.*)$"] = "admin/$2/form_$1/$3"; // Redirect /form/add and /form/edit to the module/form_(add|edit)/parms. -$config["^form/(edit|add)/(\w+)/?(.*)$"] = "$2/form_$1/$3"; +$config["^form/(edit|add)/(\w+)/(.*)$"] = "$2/form_$1/$3"; // Default page is the root album $config["_default"] = "albums"; -- cgit v1.2.3 From 1d40c62f53b37445b5f62a65ce76f4b3ecfb2d4f Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 5 Jul 2010 19:46:19 -0700 Subject: Updated version for RC2 --- README | 9 +++++---- modules/gallery/helpers/gallery.php | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) (limited to 'modules') diff --git a/README b/README index a00d18cb..67efff4b 100644 --- a/README +++ b/README @@ -9,10 +9,11 @@ interface. SECURITY (& INTENDED AUDIENCE): -This is the second release candidate of Gallery 3.0. We're putting it -out there so that we can find out if we overlooked any small things. -We expect the final version to be virtually identical. You can -install it on public websites and use it freely -- we recommend it! +This is the second (and hopefully final) release candidate of Gallery +3.0. We're putting it out there so that we can find out if we +overlooked any small things. We expect the final version to be +virtually identical. You can install it on public websites and use it +freely -- we recommend it! Note: - We've contracted a professional security audit, received their results diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php index 7f7db10b..d4078209 100644 --- a/modules/gallery/helpers/gallery.php +++ b/modules/gallery/helpers/gallery.php @@ -18,7 +18,7 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class gallery_Core { - const VERSION = "3.0 RC1 (Santa Fe)"; + const VERSION = "3.0 RC2 (Santa Fe)"; /** * If Gallery is in maintenance mode, then force all non-admins to get routed to a "This site is -- cgit v1.2.3 From eee8c27f2666d65c03c36698a612a055e9b55d5e Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Tue, 6 Jul 2010 08:43:02 -0700 Subject: Correct the controller auth golden file from when the simple_uploader was renamed to flash_uploader --- modules/gallery/tests/controller_auth_data.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt index 8263f79d..f7ceed90 100644 --- a/modules/gallery/tests/controller_auth_data.txt +++ b/modules/gallery/tests/controller_auth_data.txt @@ -9,6 +9,8 @@ modules/gallery/controllers/albums.php show modules/gallery/controllers/combined.php javascript DIRTY_AUTH modules/gallery/controllers/combined.php css DIRTY_AUTH modules/gallery/controllers/file_proxy.php __call DIRTY_CSRF|DIRTY_AUTH +modules/gallery/controllers/flash_uploader.php start DIRTY_AUTH +modules/gallery/controllers/flash_uploader.php finish DIRTY_AUTH modules/gallery/controllers/login.php ajax DIRTY_AUTH modules/gallery/controllers/login.php auth_ajax DIRTY_AUTH modules/gallery/controllers/login.php html DIRTY_AUTH @@ -16,8 +18,6 @@ modules/gallery/controllers/login.php auth_html modules/gallery/controllers/logout.php index DIRTY_AUTH modules/gallery/controllers/maintenance.php index DIRTY_AUTH modules/gallery/controllers/quick.php form_edit DIRTY_CSRF -modules/gallery/controllers/simple_uploader.php start DIRTY_AUTH -modules/gallery/controllers/simple_uploader.php finish DIRTY_AUTH modules/gallery/controllers/upgrader.php index DIRTY_AUTH modules/gallery/controllers/user_profile.php show DIRTY_AUTH modules/gallery/controllers/user_profile.php contact DIRTY_AUTH -- cgit v1.2.3 From 9d66783f47636153bf3661d1d89e694dd5188c36 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Tue, 6 Jul 2010 09:48:37 -0700 Subject: Update the xss golden file --- modules/gallery/tests/xss_data.txt | 64 +++++++++++++++++++------------------- 1 file changed, 32 insertions(+), 32 deletions(-) (limited to 'modules') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 4ead8a3f..26edaebc 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -28,11 +28,11 @@ modules/comment/views/comment.mrss.php 16 DIRTY_JS $feed- modules/comment/views/comment.mrss.php 19 DIRTY_JS $feed->next_page_uri modules/comment/views/comment.mrss.php 21 DIRTY $pub_date modules/comment/views/comment.mrss.php 22 DIRTY $pub_date -modules/comment/views/comment.mrss.php 28 DIRTY $child->item_uri -modules/comment/views/comment.mrss.php 29 DIRTY $child->pub_date -modules/comment/views/comment.mrss.php 34 DIRTY_ATTR $child->thumb_url -modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_height -modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_width +modules/comment/views/comment.mrss.php 28 DIRTY $comment->item_uri +modules/comment/views/comment.mrss.php 29 DIRTY $comment->pub_date +modules/comment/views/comment.mrss.php 34 DIRTY_ATTR $comment->thumb_url +modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $comment->thumb_height +modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $comment->thumb_width modules/comment/views/comments.html.php 28 DIRTY_ATTR $comment->id modules/comment/views/comments.html.php 31 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) modules/comment/views/user_profile_comments.html.php 5 DIRTY_ATTR $comment->id @@ -109,7 +109,7 @@ modules/gallery/views/admin_sidebar.html.php 50 DIRTY $avail modules/gallery/views/admin_sidebar.html.php 58 DIRTY $active modules/gallery/views/admin_sidebar_blocks.html.php 4 DIRTY_ATTR $ref modules/gallery/views/admin_sidebar_blocks.html.php 4 DIRTY $text -modules/gallery/views/admin_theme_options.html.php 6 DIRTY $form +modules/gallery/views/admin_theme_options.html.php 36 DIRTY $form modules/gallery/views/admin_themes.html.php 3 DIRTY_JS url::site("admin/themes/choose") modules/gallery/views/admin_themes.html.php 5 DIRTY_JS $csrf modules/gallery/views/admin_themes.html.php 22 DIRTY $themes[$site]->name @@ -120,7 +120,7 @@ modules/gallery/views/admin_themes.html.php 60 DIRTY $theme modules/gallery/views/admin_themes.html.php 62 DIRTY $themes[$admin]->description modules/gallery/views/admin_themes.html.php 76 DIRTY $info->name modules/gallery/views/admin_themes.html.php 78 DIRTY $info->description -modules/gallery/views/admin_themes_preview.html.php 7 DIRTY_ATTR $url +modules/gallery/views/admin_themes_preview.html.php 8 DIRTY_ATTR $url modules/gallery/views/error_404.html.php 14 DIRTY $login_form modules/gallery/views/error_admin.html.php 150 DIRTY $type modules/gallery/views/error_admin.html.php 150 DIRTY $code @@ -167,7 +167,7 @@ modules/gallery/views/error_admin.html.php 251 DIRTY_ATTR $env modules/gallery/views/error_admin.html.php 257 DIRTY $key modules/gallery/views/error_admin.html.php 261 DIRTY Kohana_Exception::safe_dump($value,$key) modules/gallery/views/form_uploadify.html.php 9 DIRTY_JS url::file("lib/uploadify/uploadify.swf") -modules/gallery/views/form_uploadify.html.php 10 DIRTY_JS url::site("simple_uploader/add_photo/{$album->id}") +modules/gallery/views/form_uploadify.html.php 10 DIRTY_JS url::site("flash_uploader/add_photo/{$album->id}") modules/gallery/views/form_uploadify.html.php 14 DIRTY_JS url::file("lib/uploadify/cancel.png") modules/gallery/views/form_uploadify.html.php 15 DIRTY_JS $simultaneous_upload_limit modules/gallery/views/in_place_edit.html.php 2 DIRTY form::open($action,array("method"=>"post","id"=>"g-in-place-edit-form","class"=>"g-short-form")) @@ -190,7 +190,7 @@ modules/gallery/views/l10n_client.html.php 58 DIRTY form:: modules/gallery/views/l10n_client.html.php 62 DIRTY form::textarea("l10n-edit-plural-translation-many","",' rows="2"') modules/gallery/views/l10n_client.html.php 67 DIRTY form::textarea("l10n-edit-plural-translation-other","",' rows="2"') modules/gallery/views/login_ajax.html.php 6 DIRTY_JS url::site("password/reset") -modules/gallery/views/login_ajax.html.php 37 DIRTY $form +modules/gallery/views/login_ajax.html.php 44 DIRTY $form modules/gallery/views/maintenance.html.php 46 DIRTY auth::get_login_form("login/auth_html") modules/gallery/views/menu.html.php 4 DIRTY $menu->css_id?"id='$menu->css_id'":"" modules/gallery/views/menu.html.php 4 DIRTY_ATTR $menu->css_class @@ -298,26 +298,26 @@ modules/rss/views/feed.mrss.php 16 DIRTY_JS $feed- modules/rss/views/feed.mrss.php 19 DIRTY_JS $feed->next_page_uri modules/rss/views/feed.mrss.php 21 DIRTY $pub_date modules/rss/views/feed.mrss.php 22 DIRTY $pub_date -modules/rss/views/feed.mrss.php 28 DIRTY date("D, d M Y H:i:s T",$child->created); -modules/rss/views/feed.mrss.php 35 DIRTY_ATTR $child->resize_url(true) -modules/rss/views/feed.mrss.php 37 DIRTY_ATTR $child->resize_height -modules/rss/views/feed.mrss.php 37 DIRTY_ATTR $child->resize_width -modules/rss/views/feed.mrss.php 40 DIRTY_ATTR $child->thumb_url(true) -modules/rss/views/feed.mrss.php 42 DIRTY_ATTR $child->thumb_height -modules/rss/views/feed.mrss.php 42 DIRTY_ATTR $child->thumb_width -modules/rss/views/feed.mrss.php 48 DIRTY_ATTR $child->thumb_url(true) -modules/rss/views/feed.mrss.php 49 DIRTY_ATTR $child->thumb_height -modules/rss/views/feed.mrss.php 50 DIRTY_ATTR $child->thumb_width -modules/rss/views/feed.mrss.php 57 DIRTY_ATTR $child->resize_url(true) -modules/rss/views/feed.mrss.php 58 DIRTY_ATTR @filesize($child->resize_path()) -modules/rss/views/feed.mrss.php 59 DIRTY_ATTR $child->mime_type -modules/rss/views/feed.mrss.php 60 DIRTY_ATTR $child->resize_height -modules/rss/views/feed.mrss.php 61 DIRTY_ATTR $child->resize_width -modules/rss/views/feed.mrss.php 65 DIRTY_ATTR $child->file_url(true) -modules/rss/views/feed.mrss.php 66 DIRTY_ATTR @filesize($child->file_path()) -modules/rss/views/feed.mrss.php 67 DIRTY_ATTR $child->mime_type -modules/rss/views/feed.mrss.php 68 DIRTY_ATTR $child->height -modules/rss/views/feed.mrss.php 69 DIRTY_ATTR $child->width +modules/rss/views/feed.mrss.php 28 DIRTY date("D, d M Y H:i:s T",$item->created); +modules/rss/views/feed.mrss.php 35 DIRTY_ATTR $item->resize_url(true) +modules/rss/views/feed.mrss.php 37 DIRTY_ATTR $item->resize_height +modules/rss/views/feed.mrss.php 37 DIRTY_ATTR $item->resize_width +modules/rss/views/feed.mrss.php 40 DIRTY_ATTR $item->thumb_url(true) +modules/rss/views/feed.mrss.php 42 DIRTY_ATTR $item->thumb_height +modules/rss/views/feed.mrss.php 42 DIRTY_ATTR $item->thumb_width +modules/rss/views/feed.mrss.php 48 DIRTY_ATTR $item->thumb_url(true) +modules/rss/views/feed.mrss.php 49 DIRTY_ATTR $item->thumb_height +modules/rss/views/feed.mrss.php 50 DIRTY_ATTR $item->thumb_width +modules/rss/views/feed.mrss.php 57 DIRTY_ATTR $item->resize_url(true) +modules/rss/views/feed.mrss.php 58 DIRTY_ATTR @filesize($item->resize_path()) +modules/rss/views/feed.mrss.php 59 DIRTY_ATTR $item->mime_type +modules/rss/views/feed.mrss.php 60 DIRTY_ATTR $item->resize_height +modules/rss/views/feed.mrss.php 61 DIRTY_ATTR $item->resize_width +modules/rss/views/feed.mrss.php 65 DIRTY_ATTR $item->file_url(true) +modules/rss/views/feed.mrss.php 66 DIRTY_ATTR @filesize($item->file_path()) +modules/rss/views/feed.mrss.php 67 DIRTY_ATTR $item->mime_type +modules/rss/views/feed.mrss.php 68 DIRTY_ATTR $item->height +modules/rss/views/feed.mrss.php 69 DIRTY_ATTR $item->width modules/rss/views/rss_block.html.php 6 DIRTY_JS rss::url($url) modules/search/views/search.html.php 27 DIRTY_ATTR $item_class modules/search/views/search.html.php 28 DIRTY_JS $item->url() @@ -406,9 +406,9 @@ themes/wind/views/page.html.php 81 DIRTY $heade themes/wind/views/page.html.php 83 DIRTY_JS item::root()->url() themes/wind/views/page.html.php 87 DIRTY $theme->user_menu() themes/wind/views/page.html.php 108 DIRTY_JS $parent->url($parent==$theme->item()->parent()?"show={$theme->item()->id}":null) -themes/wind/views/page.html.php 124 DIRTY $content -themes/wind/views/page.html.php 130 DIRTY newView("sidebar.html") -themes/wind/views/page.html.php 137 DIRTY $footer_text +themes/wind/views/page.html.php 126 DIRTY $content +themes/wind/views/page.html.php 132 DIRTY newView("sidebar.html") +themes/wind/views/page.html.php 139 DIRTY $footer_text themes/wind/views/paginator.html.php 33 DIRTY_JS $first_page_url themes/wind/views/paginator.html.php 42 DIRTY_JS $previous_page_url themes/wind/views/paginator.html.php 70 DIRTY_JS $next_page_url -- cgit v1.2.3 From dbf3199e46d8a9c0ae37108f6afda35232ef4cdd Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Tue, 6 Jul 2010 14:12:00 -0700 Subject: Fix for ticket #1181. Use $.getJSON to retrieve the json contents of the dialog. Convert all the controllers that create the data to go into a dialog to return the html as part of a json object. --- lib/gallery.dialog.js | 5 +++-- modules/exif/controllers/exif.php | 2 +- modules/gallery/controllers/admin_advanced_settings.php | 2 +- modules/gallery/controllers/admin_maintenance.php | 6 +++--- modules/gallery/controllers/admin_themes.php | 2 +- modules/gallery/controllers/albums.php | 4 ++-- modules/gallery/controllers/flash_uploader.php | 3 ++- modules/gallery/controllers/login.php | 2 +- modules/gallery/controllers/move.php | 2 +- modules/gallery/controllers/movies.php | 2 +- modules/gallery/controllers/permissions.php | 2 +- modules/gallery/controllers/photos.php | 6 +++--- modules/gallery/controllers/quick.php | 17 +++++------------ modules/gallery/controllers/user_profile.php | 2 +- modules/gallery/tests/xss_data.txt | 1 + modules/gallery/views/move_browse.html.php | 13 ++++++++----- modules/gallery/views/quick_delete_confirm.html.php | 12 ++++++++++++ modules/organize/controllers/organize.php | 2 +- modules/server_add/controllers/server_add.php | 2 +- modules/tag/controllers/admin_tags.php | 2 +- modules/user/controllers/admin_users.php | 12 ++++++------ modules/user/controllers/users.php | 6 +++--- modules/watermark/controllers/admin_watermarks.php | 6 +++--- 23 files changed, 62 insertions(+), 51 deletions(-) create mode 100644 modules/gallery/views/quick_delete_confirm.html.php (limited to 'modules') diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js index 6ec8c634..1e91e3ae 100644 --- a/lib/gallery.dialog.js +++ b/lib/gallery.dialog.js @@ -1,3 +1,4 @@ + (function($) { $.widget("ui.gallery_dialog", { _init: function() { @@ -26,8 +27,8 @@ $("#g-dialog").gallery_show_loading(); - $.get(sHref, function(data) { - $("#g-dialog").html(data).gallery_show_loading(); + $.getJSON(sHref, function(data) { + $("#g-dialog").html(unescape(data.form)).gallery_show_loading(); if ($("#g-dialog form").length) { self.form_loaded(null, $("#g-dialog form")); diff --git a/modules/exif/controllers/exif.php b/modules/exif/controllers/exif.php index 2fe875e3..fe5b2ff4 100644 --- a/modules/exif/controllers/exif.php +++ b/modules/exif/controllers/exif.php @@ -28,6 +28,6 @@ class Exif_Controller extends Controller { $view = new View("exif_dialog.html"); $view->details = exif::get($item); - print $view; + print json_encode(array("form" => (string) $view)); } } diff --git a/modules/gallery/controllers/admin_advanced_settings.php b/modules/gallery/controllers/admin_advanced_settings.php index 6f4e9403..2bbbdf50 100644 --- a/modules/gallery/controllers/admin_advanced_settings.php +++ b/modules/gallery/controllers/admin_advanced_settings.php @@ -39,7 +39,7 @@ class Admin_Advanced_Settings_Controller extends Admin_Controller { $group->input("var_name")->label(t("Setting"))->value($var_name)->disabled(1); $group->textarea("value")->label(t("Value"))->value($value); $group->submit("")->value(t("Save")); - print $form; + print json_encode(array("form" => (string) $form)); } public function save($module_name, $var_name) { diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php index d6a2d191..489f5d54 100644 --- a/modules/gallery/controllers/admin_maintenance.php +++ b/modules/gallery/controllers/admin_maintenance.php @@ -64,7 +64,7 @@ class Admin_Maintenance_Controller extends Admin_Controller { log::info("tasks", t("Task %task_name started (task id %task_id)", array("task_name" => $task->name, "task_id" => $task->id)), html::anchor("admin/maintenance", t("maintenance"))); - print $view; + print json_encode(array("form" => (string) $view)); } /** @@ -86,7 +86,7 @@ class Admin_Maintenance_Controller extends Admin_Controller { log::info("tasks", t("Task %task_name resumed (task id %task_id)", array("task_name" => $task->name, "task_id" => $task->id)), html::anchor("admin/maintenance", t("maintenance"))); - print $view; + print json_encode(array("form" => (string) $view)); } /** @@ -103,7 +103,7 @@ class Admin_Maintenance_Controller extends Admin_Controller { $view = new View("admin_maintenance_show_log.html"); $view->task = $task; - print $view; + print json_encode(array("form" => (string) $view)); } /** diff --git a/modules/gallery/controllers/admin_themes.php b/modules/gallery/controllers/admin_themes.php index e59eadaf..b1bd438f 100644 --- a/modules/gallery/controllers/admin_themes.php +++ b/modules/gallery/controllers/admin_themes.php @@ -52,7 +52,7 @@ class Admin_Themes_Controller extends Admin_Controller { } else { $view->url = item::root()->url("theme=$theme_name"); } - print $view; + print json_encode(array("form" => (string) $view)); } public function choose($type, $theme_name) { diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index eaa09be5..8aed1341 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -168,7 +168,7 @@ class Albums_Controller extends Items_Controller { access::required("view", $album); access::required("add", $album); - print album::get_add_form($album); + print json_encode(array("form" => (string) album::get_add_form($album))); } public function form_edit($album_id) { @@ -176,6 +176,6 @@ class Albums_Controller extends Items_Controller { access::required("view", $album); access::required("edit", $album); - print album::get_edit_form($album); + print json_encode(array("form" => (string) album::get_edit_form($album))); } } diff --git a/modules/gallery/controllers/flash_uploader.php b/modules/gallery/controllers/flash_uploader.php index f7da5124..be3896cd 100644 --- a/modules/gallery/controllers/flash_uploader.php +++ b/modules/gallery/controllers/flash_uploader.php @@ -26,7 +26,8 @@ class Flash_Uploader_Controller extends Controller { $item = $item->parent(); } - print $this->_get_add_form($item); + print json_encode(array("form" => (string)$this->_get_add_form($item))); + //print $this->_get_add_form($item); } public function start() { diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php index 2b60316b..b823504b 100644 --- a/modules/gallery/controllers/login.php +++ b/modules/gallery/controllers/login.php @@ -22,7 +22,7 @@ class Login_Controller extends Controller { public function ajax() { $view = new View("login_ajax.html"); $view->form = auth::get_login_form("login/auth_ajax"); - print $view; + print json_encode(array("form" => (string) $view)); } public function auth_ajax() { diff --git a/modules/gallery/controllers/move.php b/modules/gallery/controllers/move.php index f8b85b6f..a99ef341 100644 --- a/modules/gallery/controllers/move.php +++ b/modules/gallery/controllers/move.php @@ -26,7 +26,7 @@ class Move_Controller extends Controller { $view = new View("move_browse.html"); $view->source = $source; $view->tree = $this->_get_tree_html($source, ORM::factory("item", 1)); - print $view; + print json_encode(array("form" => (string) $view)); } public function save($source_id) { diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index 16d22d90..c18dbcde 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php @@ -102,6 +102,6 @@ class Movies_Controller extends Items_Controller { access::required("view", $movie); access::required("edit", $movie); - print movie::get_edit_form($movie); + print json_encode(array("form" => (string) movie::get_edit_form($movie))); } } diff --git a/modules/gallery/controllers/permissions.php b/modules/gallery/controllers/permissions.php index fc06cb44..8fdda7b2 100644 --- a/modules/gallery/controllers/permissions.php +++ b/modules/gallery/controllers/permissions.php @@ -33,7 +33,7 @@ class Permissions_Controller extends Controller { $view->parents = $item->parents(); $view->form = $this->_get_form($item); - print $view; + print json_encode(array("form" => (string) $view)); } function form($id) { diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index f336d07c..9f17cebb 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -24,9 +24,9 @@ class Photos_Controller extends Items_Controller { // sure that we're actually receiving an object throw new Kohana_404_Exception(); } - + access::required("view", $photo); - + $where = array(array("type", "!=", "album")); $position = $photo->parent()->get_position($photo, $where); if ($position > 1) { @@ -102,6 +102,6 @@ class Photos_Controller extends Items_Controller { access::required("view", $photo); access::required("edit", $photo); - print photo::get_edit_form($photo); + print json_encode(array("form" => (string) photo::get_edit_form($photo))); } } diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php index 6cfbbc62..7df5bf18 100644 --- a/modules/gallery/controllers/quick.php +++ b/modules/gallery/controllers/quick.php @@ -90,17 +90,10 @@ class Quick_Controller extends Controller { access::required("view", $item); access::required("edit", $item); - if ($item->is_album()) { - print t( - "Delete the album %title? All photos and movies in the album will also be deleted.", - array("title" => html::purify($item->title))); - } else { - print t("Are you sure you want to delete %title?", - array("title" => html::purify($item->title))); - } - - $form = item::get_delete_form($item); - print $form; + $v = new View("quick_delete_confirm.html"); + $v->item = $item; + $v->form = item::get_delete_form($item); + print json_encode(array("form" => (string) $v)); } public function delete($id) { @@ -149,6 +142,6 @@ class Quick_Controller extends Controller { // Pass on the source item where this form was generated, so we have an idea where to return to. $form->hidden("from_id")->value((int)Input::instance()->get("from_id", 0)); - print $form; + print json_encode(array("form" => (string) $form)); } } diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php index c064e791..431918ff 100644 --- a/modules/gallery/controllers/user_profile.php +++ b/modules/gallery/controllers/user_profile.php @@ -44,7 +44,7 @@ class User_Profile_Controller extends Controller { public function contact($id) { $user = identity::lookup_user($id); - print user_profile::get_contact_form($user); + print json_encode(array("form" => (string) user_profile::get_contact_form($user))); } public function send($id) { diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 26edaebc..475f75c1 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -253,6 +253,7 @@ modules/gallery/views/permissions_form.html.php 75 DIRTY_JS $item- modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $group->id modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $permission->id modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $item->id +modules/gallery/views/quick_delete_confirm.html.php 11 DIRTY $form modules/gallery/views/reauthenticate.html.php 9 DIRTY $form modules/gallery/views/upgrader.html.php 57 DIRTY_ATTR $done?"muted":"" modules/gallery/views/upgrader.html.php 61 DIRTY_ATTR $done?"muted":"" diff --git a/modules/gallery/views/move_browse.html.php b/modules/gallery/views/move_browse.html.php index ce3fc2fd..f77c724c 100644 --- a/modules/gallery/views/move_browse.html.php +++ b/modules/gallery/views/move_browse.html.php @@ -1,4 +1,5 @@ +
    -

    +

    type == "photo"): ?> - + type == "movie"): ?> - + type == "album"): ?> - +

    @@ -42,6 +43,8 @@
    id") ?>"> - for_html_attr() ?>" disabled="disabled"/> + for_html_attr() ?>" + disabled="disabled" class="submit" />
    +
    diff --git a/modules/gallery/views/quick_delete_confirm.html.php b/modules/gallery/views/quick_delete_confirm.html.php new file mode 100644 index 00000000..176ffb96 --- /dev/null +++ b/modules/gallery/views/quick_delete_confirm.html.php @@ -0,0 +1,12 @@ + +
    +

    + is_album()): ?> + %title? All photos and movies in the album will also be deleted.", + array("title" => html::purify($item->title))) ?> + + %title?", array("title" => html::purify($item->title))) ?> + +

    + +
    diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php index 135a6fc9..ebd40c8d 100644 --- a/modules/organize/controllers/organize.php +++ b/modules/organize/controllers/organize.php @@ -47,7 +47,7 @@ class Organize_Controller extends Controller { $v->controller_uri = url::site("organize") . "/"; $v->swf_uri = url::file("modules/organize/lib/Gallery3WebClient.swf?") . filemtime(MODPATH . "organize/lib/Gallery3WebClient.swf"); - print $v; + print json_encode(array("form" => (string) $v)); } function add_album_fields() { diff --git a/modules/server_add/controllers/server_add.php b/modules/server_add/controllers/server_add.php index 715274ab..d6c2459d 100644 --- a/modules/server_add/controllers/server_add.php +++ b/modules/server_add/controllers/server_add.php @@ -30,7 +30,7 @@ class Server_Add_Controller extends Admin_Controller { $view->tree = new View("server_add_tree.html"); $view->tree->files = $files; $view->tree->parents = array(); - print $view; + print json_encode(array("form" => (string) $view)); } public function children() { diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php index 9e875d14..c2da7bc3 100644 --- a/modules/tag/controllers/admin_tags.php +++ b/modules/tag/controllers/admin_tags.php @@ -37,7 +37,7 @@ class Admin_Tags_Controller extends Admin_Controller { public function form_delete($id) { $tag = ORM::factory("tag", $id); if ($tag->loaded()) { - print tag::get_delete_form($tag); + print json_encode(array("form" => (string) tag::get_delete_form($tag))); } } diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php index e14be393..b9d06891 100644 --- a/modules/user/controllers/admin_users.php +++ b/modules/user/controllers/admin_users.php @@ -61,7 +61,7 @@ class Admin_Users_Controller extends Admin_Controller { } public function add_user_form() { - print $this->_get_user_add_form_admin(); + print json_encode(array("form" => (string) $this->_get_user_add_form_admin())); } public function delete_user($id) { @@ -95,7 +95,7 @@ class Admin_Users_Controller extends Admin_Controller { if (empty($user)) { throw new Kohana_404_Exception(); } - print $this->_get_user_delete_form_admin($user); + print json_encode(array("form" => (string) $this->_get_user_delete_form_admin($user))); } public function edit_user($id) { @@ -146,7 +146,7 @@ class Admin_Users_Controller extends Admin_Controller { throw new Kohana_404_Exception(); } - print $this->_get_user_edit_form_admin($user); + print json_encode(array("form" => (string) $this->_get_user_edit_form_admin($user))); } public function add_user_to_group($user_id, $group_id) { @@ -199,7 +199,7 @@ class Admin_Users_Controller extends Admin_Controller { } public function add_group_form() { - print $this->_get_group_add_form_admin(); + print json_encode(array("form" => (string) $this->_get_group_add_form_admin())); } public function delete_group($id) { @@ -230,7 +230,7 @@ class Admin_Users_Controller extends Admin_Controller { throw new Kohana_404_Exception(); } - print $this->_get_group_delete_form_admin($group); + print json_encode(array("form" => (string) $this->_get_group_delete_form_admin($group))); } public function edit_group($id) { @@ -272,7 +272,7 @@ class Admin_Users_Controller extends Admin_Controller { throw new Kohana_404_Exception(); } - print $this->_get_group_edit_form_admin($group); + print json_encode(array("form" => (string) $this->_get_group_edit_form_admin($group))); } /* User Form Definitions */ diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php index 7f3f6b1f..4ddfb47c 100644 --- a/modules/user/controllers/users.php +++ b/modules/user/controllers/users.php @@ -139,7 +139,7 @@ class Users_Controller extends Controller { access::forbidden(); } - print $this->_get_edit_form($user); + print json_encode(array("form" => (string) $this->_get_edit_form($user))); } public function form_change_password($id) { @@ -148,7 +148,7 @@ class Users_Controller extends Controller { access::forbidden(); } - print $this->_get_change_password_form($user); + print json_encode(array("form" => (string) $this->_get_change_password_form($user))); } public function form_change_email($id) { @@ -157,7 +157,7 @@ class Users_Controller extends Controller { access::forbidden(); } - print $this->_get_change_email_form($user); + print json_encode(array("form" => (string) $this->_get_change_email_form($user))); } private function _get_change_password_form($user) { diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php index 18b463ca..8b217b4a 100644 --- a/modules/watermark/controllers/admin_watermarks.php +++ b/modules/watermark/controllers/admin_watermarks.php @@ -35,7 +35,7 @@ class Admin_Watermarks_Controller extends Admin_Controller { } public function form_edit() { - print watermark::get_edit_form(); + print json_encode(array("form" => (string) watermark::get_edit_form())); } public function edit() { @@ -58,7 +58,7 @@ class Admin_Watermarks_Controller extends Admin_Controller { } public function form_delete() { - print watermark::get_delete_form(); + print json_encode(array("form" => (string) watermark::get_delete_form())); } public function delete() { @@ -88,7 +88,7 @@ class Admin_Watermarks_Controller extends Admin_Controller { } public function form_add() { - print watermark::get_add_form(); + print json_encode(array("form" => (string) watermark::get_add_form())); } public function add() { -- cgit v1.2.3 From cb4e18f9dddd82a283f0208c694a9b4eb1a2eaca Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Tue, 6 Jul 2010 14:59:27 -0700 Subject: Fix for ticket #1182. Remove the trailing slash and just let it be matched by the trailing (.*) group --- modules/gallery/config/routes.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/config/routes.php b/modules/gallery/config/routes.php index 55d3cf6c..aa5d152b 100644 --- a/modules/gallery/config/routes.php +++ b/modules/gallery/config/routes.php @@ -23,10 +23,10 @@ $config["^admin_.*"] = null; // Redirect /form/add/admin/controller and /form/edit/admin/controller to // admin/controller/form_(add|edit)/parms. provides the same as below for admin pages -$config["^form/(edit|add)/admin/(\w+)/(.*)$"] = "admin/$2/form_$1/$3"; +$config["^form/(edit|add)/admin/(\w+)(.*)$"] = "admin/$2/form_$1/$3"; // Redirect /form/add and /form/edit to the module/form_(add|edit)/parms. -$config["^form/(edit|add)/(\w+)/(.*)$"] = "$2/form_$1/$3"; +$config["^form/(edit|add)/(\w+)(.*)$"] = "$2/form_$1/$3"; // Default page is the root album $config["_default"] = "albums"; -- cgit v1.2.3 From 9538b3888dadbe3a6fac72e2a97f97c7db3d86f2 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Wed, 7 Jul 2010 08:58:38 -0700 Subject: Fix for ticket #1176. Have the gallery.dialog code add a g-in-dialog parameter to the url to let the controller know its in a dialog. The reauthenticate controller will format the password prompt as a page or a form content. If authentication is successful, then the original controller is called instead of being redirected to. --- lib/gallery.dialog.js | 3 +- modules/gallery/controllers/admin.php | 8 +++-- modules/gallery/controllers/reauthenticate.php | 45 ++++++++++++++++++++++++-- 3 files changed, 50 insertions(+), 6 deletions(-) (limited to 'modules') diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js index 1e91e3ae..e6bd7392 100644 --- a/lib/gallery.dialog.js +++ b/lib/gallery.dialog.js @@ -27,7 +27,8 @@ $("#g-dialog").gallery_show_loading(); - $.getJSON(sHref, function(data) { + var url = sHref + (sHref.indexOf("?") == -1 ? "?" : "&") + "g-in-dialog"; + $.getJSON(url, function(data) { $("#g-dialog").html(unescape(data.form)).gallery_show_loading(); if ($("#g-dialog form").length) { diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index 40dd260b..7d2a0c43 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -82,10 +82,14 @@ class Admin_Controller extends Controller { } private static function _prompt_for_reauth($controller_name, $args) { - if (request::method() == "get" && !request::is_ajax()) { + if (request::method() == "get") { // Avoid anti-phishing protection by passing the url as session variable. - Session::instance()->set("continue_url", url::abs_current(true)); + $reauthenticate = array("continue_url" => url::abs_current(true), + "in_dialog" => strpos(Router::$query_string, "g-in-dialog") !== false, + "controller" => $controller_name, "args" => $args); + Session::instance()->set("reauthenticate", $reauthenticate); } + url::redirect("reauthenticate"); } } diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index acb27f6a..fb1b13bc 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -22,7 +22,12 @@ class Reauthenticate_Controller extends Controller { if (!identity::active_user()->admin) { access::forbidden(); } - return self::_show_form(self::_form()); + $reauthenticate = Session::instance()->get("reauthenticate", array()); + if (empty($reauthenticate["in_dialog"])) { + self::_show_form(self::_form()); + } else { + print json_encode(array("form" => (string) self::_form())); + } } public function auth() { @@ -31,18 +36,30 @@ class Reauthenticate_Controller extends Controller { } access::verify_csrf(); + $reauthenticate = Session::instance()->get("reauthenticate", array()); + Kohana_Log::add("error", Kohana::debug($reauthenticate)); + $form = self::_form(); $valid = $form->validate(); $user = identity::active_user(); if ($valid) { message::success(t("Successfully re-authenticated!")); module::event("user_auth", $user); - url::redirect($form->continue_url->value); + Session::instance()->delete("reauthenticate"); + if (empty($reauthenticate["in_dialog"])) { + url::redirect($reauthenticate["continue_url"]); + } else { + self::_call_admin_function($reauthenticate); + } } else { $name = $user->name; log::warning("user", t("Failed re-authentication for %name", array("name" => $name))); module::event("user_auth_failed", $name); - return self::_show_form($form); + if (empty($reauthenticate["in_dialog"])) { + self::_show_form($form); + } else { + print json_encode(array("form" => (string) $form)); + } } } @@ -52,6 +69,7 @@ class Reauthenticate_Controller extends Controller { $view->content = new View("reauthenticate.html"); $view->content->form = $form; $view->content->user_name = identity::active_user()->name; + print $view; } @@ -70,4 +88,25 @@ class Reauthenticate_Controller extends Controller { $group->submit("")->value(t("Submit")); return $form; } + + private static function _call_admin_function($reauthenticate) { + $controller_name = $reauthenticate["controller"]; + $args = $reauthenticate["args"]; + if ($controller_name == "index") { + $controller_name = "dashboard"; + } + + $controller_name = "Admin_{$controller_name}_Controller"; + if ($args) { + $method = array_shift($args); + } else { + $method = "index"; + } + + if (!method_exists($controller_name, $method)) { + throw new Kohana_404_Exception(); + } + + call_user_func_array(array(new $controller_name, $method), $args); + } } -- cgit v1.2.3 From 72f801df7d507599e201a6cb47d4a0304e00f5de Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Thu, 8 Jul 2010 08:23:08 -0700 Subject: Only add the 'Successfully re-authenticated' message to the status if the admin page is not displayed in a dialog. --- modules/gallery/controllers/reauthenticate.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index fb1b13bc..ef8855c5 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -43,10 +43,10 @@ class Reauthenticate_Controller extends Controller { $valid = $form->validate(); $user = identity::active_user(); if ($valid) { - message::success(t("Successfully re-authenticated!")); module::event("user_auth", $user); Session::instance()->delete("reauthenticate"); if (empty($reauthenticate["in_dialog"])) { + message::success(t("Successfully re-authenticated!")); url::redirect($reauthenticate["continue_url"]); } else { self::_call_admin_function($reauthenticate); -- cgit v1.2.3 From 591c5a11a396c6611a1e40f3c10253c5cfd78434 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 9 Jul 2010 06:08:20 -0700 Subject: Reset the postion option to center when the form data is reloaded, to force the dialog to recenter in case the contents have changed. --- lib/gallery.dialog.js | 1 + modules/gallery/views/form_uploadify.html.php | 2 ++ 2 files changed, 3 insertions(+) (limited to 'modules') diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js index e6bd7392..289345bc 100644 --- a/lib/gallery.dialog.js +++ b/lib/gallery.dialog.js @@ -119,6 +119,7 @@ if (data.form) { var formData = unescape(data.form); $("#g-dialog form").replaceWith(formData); + $("#g-dialog").dialog("option", "position", "center"); $("#g-dialog form :submit").removeClass("ui-state-disabled") .attr("disabled", null); self._ajaxify_dialog(); diff --git a/modules/gallery/views/form_uploadify.html.php b/modules/gallery/views/form_uploadify.html.php index 588fa16d..4676fcef 100644 --- a/modules/gallery/views/form_uploadify.html.php +++ b/modules/gallery/views/form_uploadify.html.php @@ -88,6 +88,7 @@ +

    @@ -99,6 +100,7 @@

  • title) ?>
    • +
    -- cgit v1.2.3 From 213807a8073138a98b8daf9fe265e981454aaa50 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 9 Jul 2010 14:59:23 -0700 Subject: remove debugging statement --- modules/gallery/controllers/reauthenticate.php | 1 - 1 file changed, 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index ef8855c5..d35259e5 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -37,7 +37,6 @@ class Reauthenticate_Controller extends Controller { access::verify_csrf(); $reauthenticate = Session::instance()->get("reauthenticate", array()); - Kohana_Log::add("error", Kohana::debug($reauthenticate)); $form = self::_form(); $valid = $form->validate(); -- cgit v1.2.3 From 39962eaddc17f27eb1baa694ac588138439621d4 Mon Sep 17 00:00:00 2001 From: Romain LE DISEZ Date: Sun, 4 Jul 2010 21:53:57 +0200 Subject: Accept extension .m4v as video/mp4 --- modules/gallery/controllers/file_proxy.php | 4 ++-- modules/gallery/controllers/flash_uploader.php | 4 ++-- modules/gallery/models/item.php | 2 +- modules/gallery/views/form_uploadify.html.php | 2 +- modules/organize/controllers/organize.php | 2 +- modules/server_add/controllers/server_add.php | 6 +++--- 6 files changed, 10 insertions(+), 10 deletions(-) (limited to 'modules') diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index 32690fc0..bead9f3f 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php @@ -72,10 +72,10 @@ class File_Proxy_Controller extends Controller { // necessary, it's easily resurrected. // If we're looking for a .jpg then it's it's possible that we're requesting the thumbnail - // for a movie. In that case, the .flv or .mp4 file would have been converted to a .jpg. + // for a movie. In that case, the .flv, .mp4 or .m4v file would have been converted to a .jpg. // So try some alternate types: if (preg_match('/.jpg$/', $path)) { - foreach (array("flv", "mp4") as $ext) { + foreach (array("flv", "mp4", "m4v") as $ext) { $movie_path = preg_replace('/.jpg$/', ".$ext", $encoded_path); $item = ORM::factory("item")->where("relative_path_cache", "=", $movie_path)->find(); if ($item->loaded()) { diff --git a/modules/gallery/controllers/flash_uploader.php b/modules/gallery/controllers/flash_uploader.php index f7da5124..bc8b964f 100644 --- a/modules/gallery/controllers/flash_uploader.php +++ b/modules/gallery/controllers/flash_uploader.php @@ -50,7 +50,7 @@ class Flash_Uploader_Controller extends Controller { // Uploadify adds its own field to the form, so validate that separately. $file_validation = new Validation($_FILES); $file_validation->add_rules( - "Filedata", "upload::valid", "upload::required", "upload::type[gif,jpg,jpeg,png,flv,mp4]"); + "Filedata", "upload::valid", "upload::required", "upload::type[gif,jpg,jpeg,png,flv,mp4,m4v]"); if ($form->validate() && $file_validation->validate()) { $temp_filename = upload::save("Filedata"); @@ -63,7 +63,7 @@ class Flash_Uploader_Controller extends Controller { $path_info = @pathinfo($temp_filename); if (array_key_exists("extension", $path_info) && - in_array(strtolower($path_info["extension"]), array("flv", "mp4"))) { + in_array(strtolower($path_info["extension"]), array("flv", "mp4", "m4v"))) { $item->type = "movie"; $item->save(); log::success("content", t("Added a movie"), diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 4d05e4da..eb200fa5 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -364,7 +364,7 @@ class Item_Model extends ORM_MPTT { $this->name .= "." . $pi["extension"]; } - $this->mime_type = strtolower($pi["extension"]) == "mp4" ? "video/mp4" : "video/x-flv"; + $this->mime_type = in_array(strtolower($pi["extension"]), array("mp4", "m4v")) ? "video/mp4" : "video/x-flv"; } } diff --git a/modules/gallery/views/form_uploadify.html.php b/modules/gallery/views/form_uploadify.html.php index 588fa16d..6b8ed09c 100644 --- a/modules/gallery/views/form_uploadify.html.php +++ b/modules/gallery/views/form_uploadify.html.php @@ -9,7 +9,7 @@ uploader: "", script: "id}") ?>", scriptData: , - fileExt: "*.gif;*.jpg;*.jpeg;*.png;*.flv;*.mp4;*.GIF;*.JPG;*.JPEG;*.PNG;*.FLV;*.MP4", + fileExt: "*.gif;*.jpg;*.jpeg;*.png;*.flv;*.mp4;*.m4v;*.GIF;*.JPG;*.JPEG;*.PNG;*.FLV;*.MP4;*.M4V", fileDesc: for_js() ?>, cancelImg: "", simUploadLimit: , diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php index 135a6fc9..557b3d67 100644 --- a/modules/organize/controllers/organize.php +++ b/modules/organize/controllers/organize.php @@ -34,7 +34,7 @@ class Organize_Controller extends Controller { $file_filter = json_encode( array("photo" => array("label" => "Images", "types" => array("*.jpg", "*.jpeg", "*.png", "*.gif")), - "movie" => array("label" => "Movies", "types" => array("*.flv", "*.mp4")))); + "movie" => array("label" => "Movies", "types" => array("*.flv", "*.mp4", "*.m4v")))); $v = new View("organize_dialog.html"); $v->album = $album; diff --git a/modules/server_add/controllers/server_add.php b/modules/server_add/controllers/server_add.php index 715274ab..0a691c8a 100644 --- a/modules/server_add/controllers/server_add.php +++ b/modules/server_add/controllers/server_add.php @@ -55,7 +55,7 @@ class Server_Add_Controller extends Admin_Controller { } if (!is_dir($file)) { $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION)); - if (!in_array($ext, array("gif", "jpeg", "jpg", "png", "flv", "mp4"))) { + if (!in_array($ext, array("gif", "jpeg", "jpg", "png", "flv", "mp4", "m4v"))) { continue; } } @@ -162,7 +162,7 @@ class Server_Add_Controller extends Admin_Controller { $queue[] = array($child, $entry_id); } else { $ext = strtolower(pathinfo($child, PATHINFO_EXTENSION)); - if (in_array($ext, array("gif", "jpeg", "jpg", "png", "flv", "mp4")) && + if (in_array($ext, array("gif", "jpeg", "jpg", "png", "flv", "mp4", "m4v")) && filesize($child) > 0) { $child_entry = ORM::factory("server_add_file"); $child_entry->task_id = $task->id; @@ -249,7 +249,7 @@ class Server_Add_Controller extends Admin_Controller { $photo->owner_id = $owner_id; $photo->save(); $entry->item_id = $photo->id; - } else if (in_array($extension, array("flv", "mp4"))) { + } else if (in_array($extension, array("flv", "mp4", "m4v"))) { $movie = ORM::factory("item"); $movie->type = "movie"; $movie->parent_id = $parent->id; -- cgit v1.2.3 From 307e47c3d01c1bbbe294b8339a2f531a5156eb90 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 10 Jul 2010 11:45:45 -0700 Subject: Pass along the from_id when editing albums in the context menu, and also pass it along in the form creation code. This fixes ticket #1183. --- modules/gallery/helpers/album.php | 2 +- modules/gallery/helpers/gallery_event.php | 17 ++++++++--------- modules/gallery/helpers/movie.php | 2 +- 3 files changed, 10 insertions(+), 11 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/album.php b/modules/gallery/helpers/album.php index 0baae631..0ac5e8b0 100644 --- a/modules/gallery/helpers/album.php +++ b/modules/gallery/helpers/album.php @@ -58,7 +58,7 @@ class album_Core { static function get_edit_form($parent) { $form = new Forge( "albums/update/{$parent->id}", "", "post", array("id" => "g-edit-album-form")); - $form->hidden("from_id"); + $form->hidden("from_id")->value($parent->id); $group = $form->group("edit_item")->label(t("Edit Album")); $group->input("title")->label(t("Title"))->value($parent->title) diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 272fd205..ba6dd99d 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -249,7 +249,7 @@ class gallery_event_Core { $options_menu->append(Menu::factory("dialog") ->id("edit_item") ->label($edit_text) - ->url(url::site("form/edit/{$item->type}s/$item->id"))); + ->url(url::site("form/edit/{$item->type}s/$item->id?from_id={$item->id}"))); } if ($item->is_album()) { @@ -263,7 +263,6 @@ class gallery_event_Core { } $csrf = access::csrf_token(); - $theme_item = $theme->item(); $page_type = $theme->page_type(); if ($can_edit && $item->is_photo() && graphics::can("rotate")) { $options_menu @@ -274,7 +273,7 @@ class gallery_event_Core { ->css_class("ui-icon-rotate-ccw") ->ajax_handler("function(data) { " . "\$.gallery_replace_image(data, \$('$item_css_selector')) }") - ->url(url::site("quick/rotate/$item->id/ccw?csrf=$csrf&from_id=$theme_item->id&page_type=$page_type"))) + ->url(url::site("quick/rotate/$item->id/ccw?csrf=$csrf&from_id={$item->id}&page_type=$page_type"))) ->append( Menu::factory("ajax_link") ->id("rotate_cw") @@ -282,7 +281,7 @@ class gallery_event_Core { ->css_class("ui-icon-rotate-cw") ->ajax_handler("function(data) { " . "\$.gallery_replace_image(data, \$('$item_css_selector')) }") - ->url(url::site("quick/rotate/$item->id/cw?csrf=$csrf&from_id=$theme_item->id&page_type=$page_type"))); + ->url(url::site("quick/rotate/$item->id/cw?csrf=$csrf&from_id={$item->id}&page_type=$page_type"))); } if ($item->id != item::root()->id) { @@ -315,7 +314,7 @@ class gallery_event_Core { ->label($delete_text) ->css_class("ui-icon-trash") ->css_class("g-quick-delete") - ->url(url::site("quick/form_delete/$item->id?csrf=$csrf&from_id=$theme_item->id&page_type=$page_type"))); + ->url(url::site("quick/form_delete/$item->id?csrf=$csrf&from_id={$item->id}&page_type=$page_type"))); } } } @@ -416,7 +415,7 @@ class gallery_event_Core { ->id("edit") ->label($edit_title) ->css_class("ui-icon-pencil") - ->url(url::site("quick/form_edit/$item->id?from_id=$theme_item->id"))); + ->url(url::site("quick/form_edit/$item->id?from_id={$theme_item->id}"))); if ($item->is_photo() && graphics::can("rotate")) { $options_menu @@ -427,7 +426,7 @@ class gallery_event_Core { ->css_class("ui-icon-rotate-ccw") ->ajax_handler("function(data) { " . "\$.gallery_replace_image(data, \$('$thumb_css_selector')) }") - ->url(url::site("quick/rotate/$item->id/ccw?csrf=$csrf&from_id=$theme_item->id&page_type=$page_type"))) + ->url(url::site("quick/rotate/$item->id/ccw?csrf=$csrf&from_id={$theme_item->id}&page_type=$page_type"))) ->append( Menu::factory("ajax_link") ->id("rotate_cw") @@ -435,7 +434,7 @@ class gallery_event_Core { ->css_class("ui-icon-rotate-cw") ->ajax_handler("function(data) { " . "\$.gallery_replace_image(data, \$('$thumb_css_selector')) }") - ->url(url::site("quick/rotate/$item->id/cw?csrf=$csrf&from_id=$theme_item->id&page_type=$page_type"))); + ->url(url::site("quick/rotate/$item->id/cw?csrf=$csrf&from_id={$theme_item->id}&page_type=$page_type"))); } // @todo Don't move photos from the photo page; we don't yet have a good way of redirecting @@ -474,7 +473,7 @@ class gallery_event_Core { ->id("delete") ->label($delete_title) ->css_class("ui-icon-trash") - ->url(url::site("quick/form_delete/$item->id?csrf=$csrf&from_id=$theme_item->id&page_type=$page_type"))); + ->url(url::site("quick/form_delete/$item->id?csrf=$csrf&from_id={$theme_item->id}&page_type=$page_type"))); } if ($item->is_album()) { diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php index 6333eaf2..bbb5b66c 100644 --- a/modules/gallery/helpers/movie.php +++ b/modules/gallery/helpers/movie.php @@ -26,7 +26,7 @@ class movie_Core { static function get_edit_form($movie) { $form = new Forge("movies/update/$movie->id", "", "post", array("id" => "g-edit-movie-form")); - $form->hidden("from_id"); + $form->hidden("from_id")->value($movie->id); $group = $form->group("edit_item")->label(t("Edit Movie")); $group->input("title")->label(t("Title"))->value($movie->title) ->error_messages("required", t("You must provide a title")) -- cgit v1.2.3 From 7ca201b11819ca5bfbcbe76f43bfe7d706c0f27f Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 10 Jul 2010 11:59:29 -0700 Subject: Pass along the from_id in item::get_delete_form() and then check to see if we're deleting the album we're inside in quick::delete. If we delete the album we're currently viewing, redirect to the parent. This fixes ticket #1185. --- modules/gallery/controllers/quick.php | 4 +++- modules/gallery/helpers/item.php | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php index 6cfbbc62..52f15e7d 100644 --- a/modules/gallery/controllers/quick.php +++ b/modules/gallery/controllers/quick.php @@ -119,7 +119,9 @@ class Quick_Controller extends Controller { $item->delete(); message::success($msg); - if (Input::instance()->get("page_type") == "collection") { + $from_id = Input::instance()->get("from_id"); + if (Input::instance()->get("page_type") == "collection" && + $from_id != $id /* deleted the item we were viewing */) { print json_encode(array("result" => "success", "reload" => 1)); } else { print json_encode(array("result" => "success", diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index aef68c6e..8fea49cc 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -158,8 +158,10 @@ class item_Core { */ static function get_delete_form($item) { $page_type = Input::instance()->get("page_type"); + $from_id = Input::instance()->get("from_id"); $form = new Forge( - "quick/delete/$item->id?page_type=$page_type", "", "post", array("id" => "g-confirm-delete")); + "quick/delete/$item->id?page_type=$page_type&from_id=$from_id", "", + "post", array("id" => "g-confirm-delete")); $group = $form->group("confirm_delete")->label(t("Confirm Deletion")); $group->submit("")->value(t("Delete")); $form->script("") -- cgit v1.2.3 From fe8cb89ac4d4294fcd8c28a0d16b25226b4f2e25 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 10 Jul 2010 14:03:46 -0700 Subject: Cast the status message to a string so that it gets sent down as a string in the json blob. Fixes ticket #1198. --- modules/server_add/controllers/server_add.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/server_add/controllers/server_add.php b/modules/server_add/controllers/server_add.php index 0a691c8a..62c01143 100644 --- a/modules/server_add/controllers/server_add.php +++ b/modules/server_add/controllers/server_add.php @@ -93,7 +93,7 @@ class Server_Add_Controller extends Admin_Controller { print json_encode( array("result" => "started", - "status" => $task->status, + "status" => (string)$task->status, "url" => url::site("server_add/run/$task->id?csrf=" . access::csrf_token()))); } @@ -112,7 +112,7 @@ class Server_Add_Controller extends Admin_Controller { // Prevent the JavaScript code from breaking by forcing a period as // decimal separator for all locales with sprintf("%F", $value). print json_encode(array("done" => (bool)$task->done, - "status" => $task->status, + "status" => (string)$task->status, "percent_complete" => sprintf("%F", $task->percent_complete))); } -- cgit v1.2.3 From 0a42d74d5564efdfbbc7c575211d0954d7a01488 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 10 Jul 2010 15:10:13 -0700 Subject: Reset the time limit to 30 seconds every time we delete a child. Fixes ticket #1199. --- modules/gallery/libraries/ORM_MPTT.php | 1 + 1 file changed, 1 insertion(+) (limited to 'modules') diff --git a/modules/gallery/libraries/ORM_MPTT.php b/modules/gallery/libraries/ORM_MPTT.php index e5b8ecd4..3a780d9e 100644 --- a/modules/gallery/libraries/ORM_MPTT.php +++ b/modules/gallery/libraries/ORM_MPTT.php @@ -92,6 +92,7 @@ class ORM_MPTT_Core extends ORM { // Deleting children affects the MPTT tree, so we have to reload each child before we // delete it so that we have current left_ptr/right_ptr pointers. This is inefficient. // @todo load each child once, not twice. + set_time_limit(30); $item->reload()->delete(); } -- cgit v1.2.3 From b7cd2f73c55d600935548abb1282444a592e20a0 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 10 Jul 2010 15:18:54 -0700 Subject: PHPDoc fix. --- modules/gallery/libraries/ORM_MPTT.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/libraries/ORM_MPTT.php b/modules/gallery/libraries/ORM_MPTT.php index 3a780d9e..d8d88e4e 100644 --- a/modules/gallery/libraries/ORM_MPTT.php +++ b/modules/gallery/libraries/ORM_MPTT.php @@ -176,7 +176,7 @@ class ORM_MPTT_Core extends ORM { } /** - * Return all of the children of this node, ordered by id. + * Return the number of children of this node. * * @chainable * @param array additional where clauses -- cgit v1.2.3 From b20f9123dc0cc4bc70597910e12eb18ec0eef2c2 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 10 Jul 2010 18:25:23 -0700 Subject: Wrap album deletes in a batch so that we can handle lots of cascading deletes in bulk. This lets us avoid the problem where we continually choose and delete album covers which makes deletes really slow. It probably also avoids huge amounts of notification emails (untested). Fixes ticket #1190. --- modules/gallery/controllers/quick.php | 11 ++++++++++- modules/gallery/helpers/gallery_event.php | 33 +++++++++++++++++++++++++------ 2 files changed, 37 insertions(+), 7 deletions(-) (limited to 'modules') diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php index 52f15e7d..08a33138 100644 --- a/modules/gallery/controllers/quick.php +++ b/modules/gallery/controllers/quick.php @@ -116,7 +116,16 @@ class Quick_Controller extends Controller { } $parent = $item->parent(); - $item->delete(); + + if ($item->is_album()) { + // Album delete will trigger deletes for all children. Do this in a batch so that we can be + // smart about notifications, album cover updates, etc. + batch::start(); + $item->delete(); + batch::stop(); + } else { + $item->delete(); + } message::success($msg); $from_id = Input::instance()->get("from_id"); diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index ba6dd99d..60520690 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -109,14 +109,35 @@ class gallery_event_Core { $parent = $item->parent(); if (!$parent->album_cover_item_id) { - // Assume we deleted the album cover and pick a new one. Choosing the first photo in the - // album is logical, but it's not the most efficient in the case where we're deleting all - // the photos in the album one at a time since we'll probably delete them in order which - // means that we'll be resetting the album cover each time. - if ($child = $parent->children(1)->current()) { - item::make_album_cover($child); + // Assume that we deleted the album cover + if (batch::in_progress()) { + // Remember that this parent is missing an album cover, for later. + $batch_missing_album_cover = Session::instance()->get("batch_missing_album_cover", array()); + $batch_missing_album_cover[$parent->id] = 1; + Session::instance()->set("batch_missing_album_cover", $batch_missing_album_cover); + } else { + // Choose the first child as the new cover. + if ($child = $parent->children(1)->current()) { + item::make_album_cover($child); + } + } + } + } + + static function batch_complete() { + // Set the album covers for any items that where we probably deleted the album cover during + // this batch. The item may have been deleted, so don't count on it being around. Choose the + // first child as the new album cover. + // NOTE: if the first child doesn't have an album cover, then this won't work. + foreach (array_keys(Session::instance()->get("batch_missing_album_cover", array())) as $id) { + $item = ORM::factory("item", $id); + if ($item->loaded() && !$item->album_cover_item_id) { + if ($child = $item->children(1)->current()) { + item::make_album_cover($child); + } } } + Session::instance()->delete("batch_missing_album_cover"); } static function item_moved($item, $old_parent) { -- cgit v1.2.3 From eb19192c4e7b9433c16b1acc14fa5c1242e27bc1 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 10 Jul 2010 18:51:57 -0700 Subject: If the target of an item move has no album cover, make the newly moved item the album cover. Fixes ticket #1196. --- modules/gallery/helpers/gallery_event.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'modules') diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 60520690..76bd9ee7 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -142,6 +142,11 @@ class gallery_event_Core { static function item_moved($item, $old_parent) { access::recalculate_permissions($item->parent()); + + // If the new parent doesn't have an album cover, make this it. + if (!$item->parent()->album_cover_item_id) { + item::make_album_cover($item); + } } static function user_login($user) { -- cgit v1.2.3 From 0389dceb475597ecdedf519d27d6d7bb36aa6276 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 10 Jul 2010 21:29:34 -0700 Subject: Rotate all matching album covers when we rotate an item. Fixes ticket #1200. --- modules/gallery/controllers/quick.php | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'modules') diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php index 08a33138..dc0c380a 100644 --- a/modules/gallery/controllers/quick.php +++ b/modules/gallery/controllers/quick.php @@ -46,13 +46,14 @@ class Quick_Controller extends Controller { graphics::generate($item); - $parent = $item->parent(); - // @todo: this is an inadequate way to regenerate the parent's thumbnail after rotation. - if ($parent->album_cover_item_id == $item->id) { - copy($item->thumb_path(), $parent->thumb_path()); - $parent->thumb_width = $item->thumb_width; - $parent->thumb_height = $item->thumb_height; - $parent->save(); + // @todo: this is an inadequate way to regenerate album cover thumbnails after rotation. + foreach (ORM::factory("item") + ->where("album_cover_item_id", "=", $item->id) + ->find_all() as $target) { + copy($item->thumb_path(), $target->thumb_path()); + $target->thumb_width = $item->thumb_width; + $target->thumb_height = $item->thumb_height; + $target->save(); } } -- cgit v1.2.3 From 5eb4b8ff6cae33d83cfef8ea3d41cba4352e65d8 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 13 Jul 2010 12:16:52 -0700 Subject: Check for the existence of uploadify() in the add_photos_form. The HTML uploader won't have that field. --- modules/tag/helpers/tag_event.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'modules') diff --git a/modules/tag/helpers/tag_event.php b/modules/tag/helpers/tag_event.php index 7fe9fba3..0cc2170c 100644 --- a/modules/tag/helpers/tag_event.php +++ b/modules/tag/helpers/tag_event.php @@ -106,6 +106,10 @@ class tag_event_Core { } static function add_photos_form($album, $form) { + if (!isset($group->uploadify)) { + return; + } + $group = $form->add_photos; $group->input("tags") ->label(t("Add tags to all uploaded files")) @@ -125,6 +129,10 @@ class tag_event_Core { } static function add_photos_form_completed($album, $form) { + if (!isset($group->uploadify)) { + return; + } + foreach (explode(",", $form->add_photos->tags->value) as $tag_name) { $tag_name = trim($tag_name); if ($tag_name) { -- cgit v1.2.3 From 297f98fcee9d45d49f0d2bebfd22aabc7af4c60b Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 13 Jul 2010 12:52:59 -0700 Subject: Fix reauth authentication to use the identity helper instead of the user helper directly. Else it doesn't work with LDAP and other identity systems. --- modules/gallery/controllers/reauthenticate.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index d35259e5..29387536 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -79,7 +79,7 @@ class Reauthenticate_Controller extends Controller { $group = $form->group("reauthenticate")->label(t("Re-authenticate")); $group->password("password")->label(t("Password"))->id("g-password")->class(null) ->callback("auth::validate_too_many_failed_auth_attempts") - ->callback("user::valid_password") + ->callback("Reauthenticate_Controller::valid_password") ->error_messages("invalid_password", t("Incorrect password")) ->error_messages( "too_many_failed_auth_attempts", @@ -108,4 +108,10 @@ class Reauthenticate_Controller extends Controller { call_user_func_array(array(new $controller_name, $method), $args); } + + static function valid_password($password_input) { + if (!identity::is_correct_password(identity::active_user(), $password_input->value)) { + $password_input->add_error("invalid_password", 1); + } + } } -- cgit v1.2.3 From 8065ab023df7a1bfb1534bbcdba8586b411a577d Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 13 Jul 2010 13:42:00 -0700 Subject: Revert "Fix for ticket #1182. Remove the trailing slash and just let it be matched by the trailing (.*) group" This breaks adding new albums. I get the following in my error log: "2010-07-13 13:08:46 -07:00 --- error: Kohana_404_Exception [ 43 ]: The page you requested, form/add/albums/1?type=album&g-in-dialog, could not be found." This reverts commit cb4e18f9dddd82a283f0208c694a9b4eb1a2eaca. --- modules/gallery/config/routes.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/config/routes.php b/modules/gallery/config/routes.php index aa5d152b..55d3cf6c 100644 --- a/modules/gallery/config/routes.php +++ b/modules/gallery/config/routes.php @@ -23,10 +23,10 @@ $config["^admin_.*"] = null; // Redirect /form/add/admin/controller and /form/edit/admin/controller to // admin/controller/form_(add|edit)/parms. provides the same as below for admin pages -$config["^form/(edit|add)/admin/(\w+)(.*)$"] = "admin/$2/form_$1/$3"; +$config["^form/(edit|add)/admin/(\w+)/(.*)$"] = "admin/$2/form_$1/$3"; // Redirect /form/add and /form/edit to the module/form_(add|edit)/parms. -$config["^form/(edit|add)/(\w+)(.*)$"] = "$2/form_$1/$3"; +$config["^form/(edit|add)/(\w+)/(.*)$"] = "$2/form_$1/$3"; // Default page is the root album $config["_default"] = "albums"; -- cgit v1.2.3 From fe2881a22aabd0ab5cb971809db6f325c3ce22d3 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 15 Jul 2010 12:37:44 -0700 Subject: Rename Flash_Uploader to just Uploader. Modules that want to replace this will just replace the controller. This makes overriding that much easier in the future. --- modules/gallery/controllers/flash_uploader.php | 125 ------------------------- modules/gallery/controllers/uploader.php | 125 +++++++++++++++++++++++++ modules/gallery/helpers/gallery_event.php | 4 +- modules/gallery/views/form_uploadify.html.php | 2 +- themes/wind/views/album.html.php | 2 +- 5 files changed, 129 insertions(+), 129 deletions(-) delete mode 100644 modules/gallery/controllers/flash_uploader.php create mode 100644 modules/gallery/controllers/uploader.php (limited to 'modules') diff --git a/modules/gallery/controllers/flash_uploader.php b/modules/gallery/controllers/flash_uploader.php deleted file mode 100644 index 6bfdd851..00000000 --- a/modules/gallery/controllers/flash_uploader.php +++ /dev/null @@ -1,125 +0,0 @@ -is_album()) { - $item = $item->parent(); - } - - print json_encode(array("form" => (string)$this->_get_add_form($item))); - //print $this->_get_add_form($item); - } - - public function start() { - access::verify_csrf(); - batch::start(); - } - - public function add_photo($id) { - $album = ORM::factory("item", $id); - access::required("view", $album); - access::required("add", $album); - access::verify_csrf(); - - // The Flash uploader not call /start directly, so simulate it here for now. - if (!batch::in_progress()) { - batch::start(); - } - - $form = $this->_get_add_form($album); - - // Uploadify adds its own field to the form, so validate that separately. - $file_validation = new Validation($_FILES); - $file_validation->add_rules( - "Filedata", "upload::valid", "upload::required", "upload::type[gif,jpg,jpeg,png,flv,mp4,m4v]"); - - if ($form->validate() && $file_validation->validate()) { - $temp_filename = upload::save("Filedata"); - try { - $item = ORM::factory("item"); - $item->name = substr(basename($temp_filename), 10); // Skip unique identifier Kohana adds - $item->title = item::convert_filename_to_title($item->name); - $item->parent_id = $album->id; - $item->set_data_file($temp_filename); - - $path_info = @pathinfo($temp_filename); - if (array_key_exists("extension", $path_info) && - in_array(strtolower($path_info["extension"]), array("flv", "mp4", "m4v"))) { - $item->type = "movie"; - $item->save(); - log::success("content", t("Added a movie"), - html::anchor("movies/$item->id", t("view movie"))); - } else { - $item->type = "photo"; - $item->save(); - log::success("content", t("Added a photo"), - html::anchor("photos/$item->id", t("view photo"))); - } - - module::event("add_photos_form_completed", $item, $form); - } catch (Exception $e) { - // The Flash uploader has no good way of reporting complex errors, so just keep it simple. - Kohana_Log::add("error", $e->getMessage() . "\n" . $e->getTraceAsString()); - - // Ugh. I hate to use instanceof, But this beats catching the exception separately since - // we mostly want to treat it the same way as all other exceptions - if ($e instanceof ORM_Validation_Exception) { - Kohana_Log::add("error", "Validation errors: " . print_r($e->validation->errors(), 1)); - } - - if (file_exists($temp_filename)) { - unlink($temp_filename); - } - header("HTTP/1.1 500 Internal Server Error"); - print "ERROR: " . $e->getMessage(); - return; - } - unlink($temp_filename); - print "FILEID: $item->id"; - } else { - header("HTTP/1.1 400 Bad Request"); - print "ERROR: " . t("Invalid upload"); - } - } - - public function finish() { - access::verify_csrf(); - - batch::stop(); - print json_encode(array("result" => "success")); - } - - private function _get_add_form($album) { - $form = new Forge("flash_uploader/finish", "", "post", array("id" => "g-add-photos-form")); - $group = $form->group("add_photos") - ->label(t("Add photos to %album_title", array("album_title" => html::purify($album->title)))); - $group->uploadify("uploadify")->album($album); - - $group = $form->group("actions"); - $group->uploadify_buttons(""); - - module::event("add_photos_form", $album, $form); - - return $form; - } -} diff --git a/modules/gallery/controllers/uploader.php b/modules/gallery/controllers/uploader.php new file mode 100644 index 00000000..38e22cee --- /dev/null +++ b/modules/gallery/controllers/uploader.php @@ -0,0 +1,125 @@ +is_album()) { + $item = $item->parent(); + } + + print json_encode(array("form" => (string)$this->_get_add_form($item))); + //print $this->_get_add_form($item); + } + + public function start() { + access::verify_csrf(); + batch::start(); + } + + public function add_photo($id) { + $album = ORM::factory("item", $id); + access::required("view", $album); + access::required("add", $album); + access::verify_csrf(); + + // The Flash uploader not call /start directly, so simulate it here for now. + if (!batch::in_progress()) { + batch::start(); + } + + $form = $this->_get_add_form($album); + + // Uploadify adds its own field to the form, so validate that separately. + $file_validation = new Validation($_FILES); + $file_validation->add_rules( + "Filedata", "upload::valid", "upload::required", "upload::type[gif,jpg,jpeg,png,flv,mp4,m4v]"); + + if ($form->validate() && $file_validation->validate()) { + $temp_filename = upload::save("Filedata"); + try { + $item = ORM::factory("item"); + $item->name = substr(basename($temp_filename), 10); // Skip unique identifier Kohana adds + $item->title = item::convert_filename_to_title($item->name); + $item->parent_id = $album->id; + $item->set_data_file($temp_filename); + + $path_info = @pathinfo($temp_filename); + if (array_key_exists("extension", $path_info) && + in_array(strtolower($path_info["extension"]), array("flv", "mp4", "m4v"))) { + $item->type = "movie"; + $item->save(); + log::success("content", t("Added a movie"), + html::anchor("movies/$item->id", t("view movie"))); + } else { + $item->type = "photo"; + $item->save(); + log::success("content", t("Added a photo"), + html::anchor("photos/$item->id", t("view photo"))); + } + + module::event("add_photos_form_completed", $item, $form); + } catch (Exception $e) { + // The Flash uploader has no good way of reporting complex errors, so just keep it simple. + Kohana_Log::add("error", $e->getMessage() . "\n" . $e->getTraceAsString()); + + // Ugh. I hate to use instanceof, But this beats catching the exception separately since + // we mostly want to treat it the same way as all other exceptions + if ($e instanceof ORM_Validation_Exception) { + Kohana_Log::add("error", "Validation errors: " . print_r($e->validation->errors(), 1)); + } + + if (file_exists($temp_filename)) { + unlink($temp_filename); + } + header("HTTP/1.1 500 Internal Server Error"); + print "ERROR: " . $e->getMessage(); + return; + } + unlink($temp_filename); + print "FILEID: $item->id"; + } else { + header("HTTP/1.1 400 Bad Request"); + print "ERROR: " . t("Invalid upload"); + } + } + + public function finish() { + access::verify_csrf(); + + batch::stop(); + print json_encode(array("result" => "success")); + } + + private function _get_add_form($album) { + $form = new Forge("uploader/finish", "", "post", array("id" => "g-add-photos-form")); + $group = $form->group("add_photos") + ->label(t("Add photos to %album_title", array("album_title" => html::purify($album->title)))); + $group->uploadify("uploadify")->album($album); + + $group = $form->group("actions"); + $group->uploadify_buttons(""); + + module::event("add_photos_form", $album, $form); + + return $form; + } +} diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 76bd9ee7..f90f8843 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -237,7 +237,7 @@ class gallery_event_Core { $add_menu->append(Menu::factory("dialog") ->id("add_photos_item") ->label(t("Add photos")) - ->url(url::site("flash_uploader/app/$item->id"))); + ->url(url::site("uploader/index/$item->id"))); if ($item->is_album()) { $add_menu->append(Menu::factory("dialog") ->id("add_album_item") @@ -508,7 +508,7 @@ class gallery_event_Core { ->id("add_item") ->label(t("Add a photo")) ->css_class("ui-icon-plus") - ->url(url::site("flash_uploader/app/$item->id"))) + ->url(url::site("uploader/index/$item->id"))) ->append(Menu::factory("dialog") ->id("add_album") ->label(t("Add an album")) diff --git a/modules/gallery/views/form_uploadify.html.php b/modules/gallery/views/form_uploadify.html.php index 937a37b6..6e18a85c 100644 --- a/modules/gallery/views/form_uploadify.html.php +++ b/modules/gallery/views/form_uploadify.html.php @@ -7,7 +7,7 @@ width: 150, height: 33, uploader: "", - script: "id}") ?>", + script: "id}") ?>", scriptData: , fileExt: "*.gif;*.jpg;*.jpeg;*.png;*.flv;*.mp4;*.m4v;*.GIF;*.JPG;*.JPEG;*.PNG;*.FLV;*.MP4;*.M4V", fileDesc: for_js() ?>, diff --git a/themes/wind/views/album.html.php b/themes/wind/views/album.html.php index b9072e2b..de196be0 100644 --- a/themes/wind/views/album.html.php +++ b/themes/wind/views/album.html.php @@ -29,7 +29,7 @@ admin || access::can("add", $item)): ?> - id") ?> + id") ?>
  • Add some.", array("attrs" => html::mark_clean("href=\"$addurl\" class=\"g-dialog-link\""))) ?>
    • -- cgit v1.2.3 From 86a91c11cf8e2af8d100ee8a982a299d341ef032 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 15 Jul 2010 12:51:35 -0700 Subject: Redirect users away from admin to the main site if you click logout on the admin dashboard. Fixes ticket #1201 --- modules/gallery/helpers/gallery_event.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index f90f8843..bdcfc67a 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -206,8 +206,10 @@ class gallery_event_Core { $menu->append(Menu::factory("link") ->id("user_menu_logout") ->css_id("g-logout-link") - ->url(url::site("logout?csrf=$csrf&continue_url=" . - urlencode($continue_url))) + ->url( + Router::$controller == "admin" ? + url::site("") : + url::site("logout?csrf=$csrf&continue_url=" . urlencode($continue_url))) ->label(t("Logout"))); } } -- cgit v1.2.3 From 155d2b809b5d416f39bc71ce10c2704b886eccef Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Thu, 15 Jul 2010 14:54:45 -0700 Subject: Rename g-in-dialog to the naming standard for query parameters and give it something more representative... 'gallery_dialog_request' --- lib/gallery.dialog.js | 2 +- modules/gallery/controllers/admin.php | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'modules') diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js index 1d0eae7e..a36c561a 100644 --- a/lib/gallery.dialog.js +++ b/lib/gallery.dialog.js @@ -27,7 +27,7 @@ $("#g-dialog").gallery_show_loading(); - var url = sHref + (sHref.indexOf("?") == -1 ? "?" : "&") + "g-in-dialog"; + var url = sHref + (sHref.indexOf("?") == -1 ? "?" : "&") + "gallery_dialog_request=1"; $.getJSON(url, function(data) { $("#g-dialog").html(unescape(data.form)).gallery_show_loading(); diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index 7d2a0c43..3befac7d 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -84,9 +84,9 @@ class Admin_Controller extends Controller { private static function _prompt_for_reauth($controller_name, $args) { if (request::method() == "get") { // Avoid anti-phishing protection by passing the url as session variable. - $reauthenticate = array("continue_url" => url::abs_current(true), - "in_dialog" => strpos(Router::$query_string, "g-in-dialog") !== false, - "controller" => $controller_name, "args" => $args); + $reauthenticate = + array("continue_url" => url::abs_current(true), + "in_dialog" => strpos(Router::$query_string, "gallery_dialog_request") !== false); Session::instance()->set("reauthenticate", $reauthenticate); } -- cgit v1.2.3 From 993e041274362ddec68ddf4566c72913464de504 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Thu, 15 Jul 2010 14:57:43 -0700 Subject: Remove the code to call the controller directly and just use redirect. Now that all the form calls actually return the form as a json object, calling the form creation controller method i no longer required. --- modules/gallery/controllers/reauthenticate.php | 25 +------------------------ 1 file changed, 1 insertion(+), 24 deletions(-) (limited to 'modules') diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index 29387536..7378ea73 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -46,10 +46,8 @@ class Reauthenticate_Controller extends Controller { Session::instance()->delete("reauthenticate"); if (empty($reauthenticate["in_dialog"])) { message::success(t("Successfully re-authenticated!")); - url::redirect($reauthenticate["continue_url"]); - } else { - self::_call_admin_function($reauthenticate); } + url::redirect($reauthenticate["continue_url"]); } else { $name = $user->name; log::warning("user", t("Failed re-authentication for %name", array("name" => $name))); @@ -88,27 +86,6 @@ class Reauthenticate_Controller extends Controller { return $form; } - private static function _call_admin_function($reauthenticate) { - $controller_name = $reauthenticate["controller"]; - $args = $reauthenticate["args"]; - if ($controller_name == "index") { - $controller_name = "dashboard"; - } - - $controller_name = "Admin_{$controller_name}_Controller"; - if ($args) { - $method = array_shift($args); - } else { - $method = "index"; - } - - if (!method_exists($controller_name, $method)) { - throw new Kohana_404_Exception(); - } - - call_user_func_array(array(new $controller_name, $method), $args); - } - static function valid_password($password_input) { if (!identity::is_correct_password(identity::active_user(), $password_input->value)) { $password_input->add_error("invalid_password", 1); -- cgit v1.2.3 From b51b49cb63d990611dacccca5e2a505c6c96357d Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 15 Jul 2010 19:45:10 -0700 Subject: Don't show a themed 404 page if we get to a 404 via file_proxy. Just return a simple "File not found" message, since this is a very basic file access (thumbnail, resize, original etc) --- modules/gallery/views/kohana/error.php | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) (limited to 'modules') diff --git a/modules/gallery/views/kohana/error.php b/modules/gallery/views/kohana/error.php index cc9d2e84..0e84f093 100644 --- a/modules/gallery/views/kohana/error.php +++ b/modules/gallery/views/kohana/error.php @@ -25,16 +25,20 @@ try { // Try to show a themed error page for 404 errors if ($e instanceof Kohana_404_Exception) { - $view = new Theme_View("page.html", "other", "error"); - $view->page_title = t("Dang... Page not found!"); - $view->content = new View("error_404.html"); - $user = identity::active_user(); - $view->content->is_guest = $user && $user->guest; - if ($view->content->is_guest) { - $view->content->login_form = new View("login_ajax.html"); - $view->content->login_form->form = auth::get_login_form("login/auth_html"); + if (Router::$controller == "file_proxy") { + print "File not found"; + } else { + $view = new Theme_View("page.html", "other", "error"); + $view->page_title = t("Dang... Page not found!"); + $view->content = new View("error_404.html"); + $user = identity::active_user(); + $view->content->is_guest = $user && $user->guest; + if ($view->content->is_guest) { + $view->content->login_form = new View("login_ajax.html"); + $view->content->login_form->form = auth::get_login_form("login/auth_html"); + } + print $view; } - print $view; return; } -- cgit v1.2.3 From ce2b3d00011ca9ec13eb3db66034b41687fd26ad Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 16 Jul 2010 06:52:18 -0700 Subject: Remove code that was inadvertently committed. --- modules/gallery/views/form_uploadify.html.php | 2 -- 1 file changed, 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/views/form_uploadify.html.php b/modules/gallery/views/form_uploadify.html.php index 6e18a85c..4f564b07 100644 --- a/modules/gallery/views/form_uploadify.html.php +++ b/modules/gallery/views/form_uploadify.html.php @@ -88,7 +88,6 @@ -

    @@ -100,7 +99,6 @@

  • title) ?>
    • -
    -- cgit v1.2.3 From bd969a6ffa85488c170be23392fba2792bd00da3 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 16 Jul 2010 07:37:24 -0700 Subject: Fix for ticket #1202. Set the minimum flash version 10.0.0 and display a message and a button to download the latest version if the minimum versiion is not installed. --- modules/organize/views/organize_dialog.html.php | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/organize/views/organize_dialog.html.php b/modules/organize/views/organize_dialog.html.php index c41e5960..40cebfcf 100644 --- a/modules/organize/views/organize_dialog.html.php +++ b/modules/organize/views/organize_dialog.html.php @@ -2,7 +2,7 @@