From 58620c5faa777019222f7dd9853b2848f46db2a6 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Thu, 7 Jan 2010 10:55:43 -0800 Subject: Use rawurlencode to remove any encoding that the browser may have added. Fixes ticket #954. --- modules/gallery/controllers/file_proxy.php | 32 ++++++++++++++++-------------- 1 file changed, 17 insertions(+), 15 deletions(-) (limited to 'modules') diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index f0a38fbe..8a4e759b 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php @@ -28,16 +28,17 @@ */ class File_Proxy_Controller extends Controller { public function __call($function, $args) { - // request_uri: http://example.com/gallery3/var/trunk/albums/foo/bar.jpg - $request_uri = Input::instance()->server("REQUEST_URI"); + // request_uri: gallery3/var/trunk/albums/foo/bar.jpg + $request_uri = rawurldecode(Input::instance()->server("REQUEST_URI")); + $request_uri = preg_replace("/\?.*/", "", $request_uri); - // var_uri: http://example.com/gallery3/var/ + // var_uri: gallery3/var/ $var_uri = url::file("var/"); // Make sure that the request is for a file inside var - $offset = strpos($request_uri, $var_uri); - if ($offset === false) { + $offset = strpos(rawurldecode($request_uri), $var_uri); + if ($offset !== 0) { throw new Kohana_404_Exception(); } 
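Review bot: The query string is stripped after `rawurldecode()` at the top of `__call`, so an encoded `%3F` inside a file name is decoded to `?` and everything after it is cut from `$request_uri` before the item lookup. The prefix check also decodes a second time, `strpos(rawurldecode($request_uri), $var_uri)`, so the string that is validated is not the string the rest of the function appears to use. Strip first and decode once: `$request_uri = rawurldecode(preg_replace("/\?.*/", "", Input::instance()->server("REQUEST_URI")));` followed by `$offset = strpos($request_uri, $var_uri);`. The body of `__call` continues outside this hunk, so how `$request_uri` is consumed after the check should be confirmed there.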
@@ -57,7 +58,9 @@ class File_Proxy_Controller extends Controller { $path = preg_replace("|/.album.jpg$|", "", $path); // We now have the relative path to the item. Search for it in the path cache - $item = ORM::factory("item")->where("relative_path_cache", "=", $path)->find(); + // The patch cache is urlencoded so re-encode the path. (it was decoded earlier to + // insure that the paths are normalized. + $item = ORM::factory("item")->where("relative_path_cache", "=", rawurlencode($path))->find(); if (!$item->loaded()) { // We didn't turn it up. It's possible that the relative_path_cache is out of date here. // There was fallback code, but bharat deleted it in 8f1bca74. If it turns out to be @@ -81,14 +84,6 @@ class File_Proxy_Controller extends Controller { throw new Kohana_404_Exception(); } - if ($type == "albums") { - $file = $item->file_path(); - } else if ($type == "resizes") { - $file = $item->resize_path(); - } else { - $file = $item->thumb_path(); - } - // Make sure we have access to the item if (!access::can("view", $item)) { throw new Kohana_404_Exception(); @@ -104,11 +99,18 @@ class File_Proxy_Controller extends Controller { throw new Kohana_404_Exception(); } + if ($type == "albums") { + $file = $item->file_path(); + } else if ($type == "resizes") { + $file = $item->resize_path(); + } else { + $file = $item->thumb_path(); + } + if (!file_exists($file)) { throw new Kohana_404_Exception(); } - header('Last-Modified: '.gmdate('D, d M Y H:i:s T', $item->updated)); header("Pragma:"); // Check that the content hasn't expired or it wasn't changed since cached expires::check(2592000, $item->updated); -- cgit v1.2.3 From 46e33f1bbe6f8526470e041658a30df6e9e6c84a Mon Sep 17 00:00:00 2001 
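Review bot: The comment added above the `relative_path_cache` lookup is hard to read: it says "patch cache" where it means path cache, uses "insure" for ensure, and never closes its parenthesis. Suggested wording: `// The path cache is urlencoded, so re-encode the path (it was decoded earlier to` and `// ensure that the paths are normalized).` The comment should also say which encoding the stored `relative_path_cache` values use, because `rawurlencode($path)` applied to the whole path escapes the `/` separators as well as the file names.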
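Review bot: The relocated `if ($type == "albums") … else` chain ends in a bare `else` that selects `thumb_path()` for every `$type` that is not `albums` or `resizes`. Whatever validates `$type` sits outside this hunk, so the file selection depends on that earlier check staying in place. Naming the third case explicitly (presumably `} else if ($type == "thumbs") {`) and throwing `Kohana_404_Exception` in a final `else` would make the selection fail closed. Since `$file` is now resolved only after the access checks, a one-line comment such as `// Resolve the file path only after the access checks have passed` would keep a later refactor from moving it back.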
From: Tim Almdal Date: Fri, 8 Jan 2010 11:06:54 -0800 Subject: Fix for ticket #933. Move the inclusion of the piclens script from the theme::header callback to the theme::page_bottom callback. --- modules/slideshow/helpers/slideshow_theme.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/slideshow/helpers/slideshow_theme.php b/modules/slideshow/helpers/slideshow_theme.php index 163d2bd8..6aaf371c 100644 --- a/modules/slideshow/helpers/slideshow_theme.php +++ b/modules/slideshow/helpers/slideshow_theme.php @@ -18,7 +18,7 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class slideshow_theme_Core { - static function head($theme) { + static function page_bottom($theme) { $proto = (empty($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] === "off") ? "http" : "https"; return ""; -- cgit v1.2.3 From 2ab6eda728180e8406916d04a0bc858c18aaafd5 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 8 Jan 2010 12:18:46 -0800 Subject: Change file proxy to url encode the path components instead of the entire path. Otherwise, we will encode the slashes and won't find the item. --- modules/gallery/controllers/file_proxy.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index 8a4e759b..646edf17 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php 
@@ -56,11 +56,16 @@ class File_Proxy_Controller extends Controller { // If the last element is .album.jpg, pop that off since it's not a real item $path = preg_replace("|/.album.jpg$|", "", $path); + $encoded_path = array(); + foreach (explode("/", $path) as $path_part) { + $encoded_path[] = rawurlencode($path_part); + } // We now have the relative path to the item. Search for it in the path cache // The patch cache is urlencoded so re-encode the path. (it was decoded earlier to // insure that the paths are normalized. - $item = ORM::factory("item")->where("relative_path_cache", "=", rawurlencode($path))->find(); + $item = ORM::factory("item") + ->where("relative_path_cache", "=", implode("/", $encoded_path))->find(); if (!$item->loaded()) { // We didn't turn it up. It's possible that the relative_path_cache is out of date here. // There was fallback code, but bharat deleted it in 8f1bca74. If it turns out to be -- cgit v1.2.3 From bd9f945e3f2de4ea2402bd3941dba69c79ddc5a4 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 8 Jan 2010 12:49:16 -0800 Subject: Remove the display of the "body_attributes" div when in debug mode. debug mode is by default set up to add new div's to display the location of the content. "body_attributes" are attributes on the body tag and trying to add content introduces an extra > in the html stream. --- modules/gallery/libraries/Theme_View.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/libraries/Theme_View.php b/modules/gallery/libraries/Theme_View.php index f78a7018..a6d1806c 100644 --- a/modules/gallery/libraries/Theme_View.php +++ b/modules/gallery/libraries/Theme_View.php @@ -278,9 +278,10 @@ class Theme_View_Core extends Gallery_View { } if (Session::instance()->get("debug")) { - if ($function != "head") { + if ($function != "head" && $function != "body_attributes") { array_unshift( - $blocks, "
" . + $blocks, + "
" . "
$function
"); $blocks[] = "
"; } -- cgit v1.2.3
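Review bot: The debug branch now excludes two callbacks with chained `!=` tests, and nothing in the code says why `head` and `body_attributes` are special. A short comment such as `// head and body_attributes are emitted where a wrapper div is not valid markup` would record the reason given in the commit message, and `!in_array($function, array("head", "body_attributes"), true)` gives a strict comparison that is easier to extend. `$function` is also interpolated into the debug wrapper string, so if it can ever carry a caller-chosen name it should pass through the project's HTML escaping first. The enclosing method starts and ends outside this hunk, so where `$function` comes from cannot be confirmed here.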