From 188f418a54efe2681166dde33a59dead2e87a4bb Mon Sep 17 00:00:00 2001
From: Tim Almdal
Date: Wed, 6 Jan 2010 11:42:44 -0800
Subject: Correct the controller_auth_data golden file to reflect that the csrf is not longer considered dirty in the logout controller.
---
 modules/gallery/tests/controller_auth_data.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'modules')
diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt
index c1fffe6a..beabee49 100644
--- a/modules/gallery/tests/controller_auth_data.txt
+++ b/modules/gallery/tests/controller_auth_data.txt
@@ -13,7 +13,7 @@ modules/gallery/controllers/login.php ajax
 modules/gallery/controllers/login.php auth_ajax DIRTY_AUTH
 modules/gallery/controllers/login.php html DIRTY_AUTH
 modules/gallery/controllers/login.php auth_html DIRTY_AUTH
-modules/gallery/controllers/logout.php index DIRTY_CSRF|DIRTY_AUTH
+modules/gallery/controllers/logout.php index DIRTY_AUTH
 modules/gallery/controllers/maintenance.php index DIRTY_AUTH
 modules/gallery/controllers/quick.php form_edit DIRTY_CSRF
 modules/gallery/controllers/simple_uploader.php start DIRTY_AUTH
-- 
cgit v1.2.3
From 058a84ed76df96aeb6ec082d16fe0d8f317faac2 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Wed, 6 Jan 2010 17:04:44 -0800
Subject: Convert ORM::in() to ORM::where(.., "IN", ..) for K24 compatibility.
---
 modules/user/libraries/drivers/IdentityProvider/Gallery.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'modules')
diff --git a/modules/user/libraries/drivers/IdentityProvider/Gallery.php b/modules/user/libraries/drivers/IdentityProvider/Gallery.php
index 50064287..d874512c 100644
--- a/modules/user/libraries/drivers/IdentityProvider/Gallery.php
+++ b/modules/user/libraries/drivers/IdentityProvider/Gallery.php
@@ -127,9 +127,8 @@ class IdentityProvider_Gallery_Driver implements IdentityProvider_Driver {
 */
 public function get_user_list($ids) {
 return ORM::factory("user")
- ->in("id", $ids)
- ->find_all()
- ->as_array();
+ ->where("id", "IN", $ids)
+ ->find_all();
 }
 /**
-- 
cgit v1.2.3
From 58620c5faa777019222f7dd9853b2848f46db2a6 Mon Sep 17 00:00:00 2001
From: Tim Almdal
Date: Thu, 7 Jan 2010 10:55:43 -0800
Subject: Use rawurlencode to remove any encoding that the browser may have added. Fixes ticket #954.
---
 modules/gallery/controllers/file_proxy.php | 32 ++++++++++++++++--------------
 1 file changed, 17 insertions(+), 15 deletions(-)
(limited to 'modules')
diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php
index f0a38fbe..8a4e759b 100644
--- a/modules/gallery/controllers/file_proxy.php
+++ b/modules/gallery/controllers/file_proxy.php
@@ -28,16 +28,17 @@
 */
 class File_Proxy_Controller extends Controller {
 public function __call($function, $args) {
- // request_uri: http://example.com/gallery3/var/trunk/albums/foo/bar.jpg
- $request_uri = Input::instance()->server("REQUEST_URI");
+ // request_uri: gallery3/var/trunk/albums/foo/bar.jpg
+ $request_uri = rawurldecode(Input::instance()->server("REQUEST_URI"));
+ $request_uri = preg_replace("/\?.*/", "", $request_uri);
- // var_uri: http://example.com/gallery3/var/
+ // var_uri: gallery3/var/
 $var_uri = url::file("var/");
 // Make sure that the request is for a file inside var
- $offset = strpos($request_uri, $var_uri);
- if ($offset === false) {
+ $offset = strpos(rawurldecode($request_uri), $var_uri);
+ if ($offset !== 0) {
 throw new Kohana_404_Exception();
 }
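Review bot: Dropping `->as_array()` in `get_user_list()` (IdentityProvider/Gallery.php) changes what the method returns: callers used to receive a plain array and now receive whatever `find_all()` yields, which the commit subject (an `in()` to `where(.., "IN", ..)` conversion) does not mention. Callers that index the result or pass it to array functions are not visible in this hunk and should be checked, and the docblock that closes just above the method should state the new return type. It is also worth confirming how `where("id", "IN", $ids)` behaves when `$ids` is empty, since an empty `IN ()` list is rejected by most SQL dialects.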
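Review bot: In `File_Proxy_Controller::__call()` the request URI is decoded before the query string is stripped and then decoded a second time inside the `strpos()` check, so the string that is validated is not the string held in `$request_uri`. Decoding first turns an encoded `%3F` in a file name into a literal `?`, and `preg_replace("/\?.*/", ...)` then truncates the path there; the second `rawurldecode()` means a name containing an encoded percent sign is checked in one form and kept in another. Strip the query from the raw value, decode once, and test that same variable: `$request_uri = preg_replace("/\?.*/", "", Input::instance()->server("REQUEST_URI"));`, `$request_uri = rawurldecode($request_uri);`, `$offset = strpos($request_uri, $var_uri);`. The code that later consumes `$request_uri` lies outside this hunk, so confirm it works from the single-decoded value.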
@@ -57,7 +58,9 @@ class File_Proxy_Controller extends Controller {
 $path = preg_replace("|/.album.jpg$|", "", $path);
 // We now have the relative path to the item. Search for it in the path cache
- $item = ORM::factory("item")->where("relative_path_cache", "=", $path)->find();
+ // The patch cache is urlencoded so re-encode the path. (it was decoded earlier to
+ // insure that the paths are normalized.
+ $item = ORM::factory("item")->where("relative_path_cache", "=", rawurlencode($path))->find();
 if (!$item->loaded()) {
 // We didn't turn it up. It's possible that the relative_path_cache is out of date here.
 // There was fallback code, but bharat deleted it in 8f1bca74. If it turns out to be
@@ -81,14 +84,6 @@ class File_Proxy_Controller extends Controller {
 throw new Kohana_404_Exception();
 }
- if ($type == "albums") {
- $file = $item->file_path();
- } else if ($type == "resizes") {
- $file = $item->resize_path();
- } else {
- $file = $item->thumb_path();
- }
-
 // Make sure we have access to the item
 if (!access::can("view", $item)) {
 throw new Kohana_404_Exception();
@@ -104,11 +99,18 @@ class File_Proxy_Controller extends Controller {
 throw new Kohana_404_Exception();
 }
+ if ($type == "albums") {
+ $file = $item->file_path();
+ } else if ($type == "resizes") {
+ $file = $item->resize_path();
+ } else {
+ $file = $item->thumb_path();
+ }
+
 if (!file_exists($file)) {
 throw new Kohana_404_Exception();
 }
- header('Last-Modified: '.gmdate('D, d M Y H:i:s T', $item->updated));
 header("Pragma:");
 // Check that the content hasn't expired or it wasn't changed since cached
 expires::check(2592000, $item->updated);
-- 
cgit v1.2.3
From 46e33f1bbe6f8526470e041658a30df6e9e6c84a Mon Sep 17 00:00:00 2001
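Review bot: The two comment lines added above the `relative_path_cache` lookup (hunk at old line 57) are hard to read: "patch cache" should be "path cache", "insure" should be "ensure", and the opening parenthesis is never closed. Suggested wording: `// The path cache is urlencoded, so re-encode the path (it was decoded earlier` followed by `// to ensure that the paths are normalized).` The body of `__call()` starts and ends outside this hunk.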
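Review bot: The `header('Last-Modified: ...')` line is removed in the hunk at old line 104 although the commit message only talks about URL decoding, so it is unclear whether dropping that validator header is intentional. `expires::check(2592000, $item->updated)` is still called, and if that helper already emits Last-Modified the removal is harmless, but that is not visible here; a one-line comment recording the reason would help the next reader. In the relocated `$type` block the final `else` sends every value other than "albums" and "resizes" to `thumb_path()`; the check that restricts `$type` is outside the hunk, so confirm it still runs before this point now that the block sits after the access checks.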
From: Tim Almdal
Date: Fri, 8 Jan 2010 11:06:54 -0800
Subject: Fix for ticket #933. Move the inclusion of the piclens script from the theme::header callback to the theme::page_bottom callback.
---
 modules/slideshow/helpers/slideshow_theme.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'modules')
diff --git a/modules/slideshow/helpers/slideshow_theme.php b/modules/slideshow/helpers/slideshow_theme.php
index 163d2bd8..6aaf371c 100644
--- a/modules/slideshow/helpers/slideshow_theme.php
+++ b/modules/slideshow/helpers/slideshow_theme.php
@@ -18,7 +18,7 @@
 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
 */
 class slideshow_theme_Core {
- static function head($theme) {
+ static function page_bottom($theme) {
 $proto = (empty($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] === "off") ? "http" : "https";
 return "";
-- 
cgit v1.2.3
From 2ab6eda728180e8406916d04a0bc858c18aaafd5 Mon Sep 17 00:00:00 2001
From: Tim Almdal
Date: Fri, 8 Jan 2010 12:18:46 -0800
Subject: Change file proxy to url encode the path components instead of the entire path. Otherwise, we will encode the slashes and won't find the item.
---
 modules/gallery/controllers/file_proxy.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'modules')
diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php
index 8a4e759b..646edf17 100644
--- a/modules/gallery/controllers/file_proxy.php
+++ b/modules/gallery/controllers/file_proxy.php
@@ -56,11 +56,16 @@ class File_Proxy_Controller extends Controller {
 // If the last element is .album.jpg, pop that off since it's not a real item
 $path = preg_replace("|/.album.jpg$|", "", $path);
+ $encoded_path = array();
+ foreach (explode("/", $path) as $path_part) {
+ $encoded_path[] = rawurlencode($path_part);
+ }
 // We now have the relative path to the item. Search for it in the path cache
 // The patch cache is urlencoded so re-encode the path. (it was decoded earlier to
 // insure that the paths are normalized.
- $item = ORM::factory("item")->where("relative_path_cache", "=", rawurlencode($path))->find();
+ $item = ORM::factory("item")
+ ->where("relative_path_cache", "=", implode("/", $encoded_path))->find();
 if (!$item->loaded()) {
 // We didn't turn it up. It's possible that the relative_path_cache is out of date here.
 // There was fallback code, but bharat deleted it in 8f1bca74. If it turns out to be
-- 
cgit v1.2.3
From bd9f945e3f2de4ea2402bd3941dba69c79ddc5a4 Mon Sep 17 00:00:00 2001
From: Tim Almdal
Date: Fri, 8 Jan 2010 12:49:16 -0800
Subject: Remove the display of the "body_attributes" div when in debug mode. debug mode is by default set up to add new div's to display the location of the content. "body_attributes" are attributes on the body tag and trying to add content introduces an extra > in the html stream.
---
 modules/gallery/libraries/Theme_View.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'modules')
diff --git a/modules/gallery/libraries/Theme_View.php b/modules/gallery/libraries/Theme_View.php
index f78a7018..a6d1806c 100644
--- a/modules/gallery/libraries/Theme_View.php
+++ b/modules/gallery/libraries/Theme_View.php
@@ -278,9 +278,10 @@ class Theme_View_Core extends Gallery_View { } if (Session::instance()->get("debug")) { - if ($function != "head") { + if ($function != "head" && $function != "body_attributes") { array_unshift( - $blocks, "
" . + $blocks, + "
" . "
$function
"); $blocks[] = "
"; } -- cgit v1.2.3