From c37288f0b24c19813405096c087ab0c7c171c358 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 14 Apr 2013 00:21:47 -0400 Subject: Sanitize all key values. --- modules/gallery/views/error_admin.html.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/views/error_admin.html.php b/modules/gallery/views/error_admin.html.php index cd1bd569..036e2049 100644 --- a/modules/gallery/views/error_admin.html.php +++ b/modules/gallery/views/error_admin.html.php @@ -289,7 +289,7 @@ - + -- cgit v1.2.3 From 9b1c6ab14f8a7c6024795d213f55ea31ac77c480 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 14 Apr 2013 00:28:29 -0400 Subject: Golden file update follow-on for c37288f0b24c19813405096c087ab0c7c171c358 --- modules/gallery/tests/xss_data.txt | 1 - 1 file changed, 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 2152858a..d3d96878 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -177,7 +177,6 @@ modules/gallery/views/error_admin.html.php 284 DIRTY_ATTR $env modules/gallery/views/error_admin.html.php 285 DIRTY_JS $env_id modules/gallery/views/error_admin.html.php 285 DIRTY $var modules/gallery/views/error_admin.html.php 286 DIRTY_ATTR $env_id -modules/gallery/views/error_admin.html.php 292 DIRTY $key modules/gallery/views/error_admin.html.php 296 DIRTY Kohana_Exception::safe_dump($value,$key) modules/gallery/views/form_uploadify.html.php 16 DIRTY_JS url::site("uploader/status/_S/_E") modules/gallery/views/form_uploadify.html.php 24 DIRTY_JS $flash_minimum_version -- cgit v1.2.3 From 0f28d4cee460dfada48bd6c81470db62e48b16d0 Mon Sep 17 00:00:00 2001 From: shadlaws Date: Sat, 20 Apr 2013 10:09:03 +0200 Subject: Ensure that movie titles are purified upon display. --- modules/gallery/controllers/movies.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') 
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index ca332f67..56075710 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php @@ -67,7 +67,7 @@ class Movies_Controller extends Items_Controller { log::success("content", "Updated movie", "url()}\">view"); message::success( - t("Saved movie %movie_title", array("movie_title" => $movie->title))); + t("Saved movie %movie_title", array("movie_title" => html::purify($movie->title)))); if ($form->from_id->value == $movie->id) { // Use the new url; it might have changed. -- cgit v1.2.3 From ce97f5ff264aa34e74a98bae3ff23678a1ddde75 Mon Sep 17 00:00:00 2001 From: Rasmus Lerdorf Date: Sun, 5 May 2013 08:42:48 -0700 Subject: There is no $g2_album_id here I assume this should be $g2_album->getId() instead --- modules/g2_import/helpers/g2_import.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/g2_import/helpers/g2_import.php b/modules/g2_import/helpers/g2_import.php index b155a88a..82850e85 100644 --- a/modules/g2_import/helpers/g2_import.php +++ b/modules/g2_import/helpers/g2_import.php @@ -498,7 +498,7 @@ class g2_import_Core { $album->description = self::_decode_html_special_chars(self::extract_description($g2_album)); $album->owner_id = self::map($g2_album->getOwnerId()); try { - $album->view_count = (int) g2(GalleryCoreApi::fetchItemViewCount($g2_album_id)); + $album->view_count = (int) g2(GalleryCoreApi::fetchItemViewCount($g2_album->getId())); } catch (Exception $e) { // @todo log $album->view_count = 0; -- cgit v1.2.3 From 90528d9c83b74518c0a2293802b93fa03da40345 Mon Sep 17 00:00:00 2001 
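Review bot: The `t()` call inside `message::success()` carries no comment saying that `%movie_title` receives user-entered text, so a later edit can drop the `html::purify()` wrapper without noticing why it is there. A one-line comment above the call would pin that down, e.g. `// Title is user-supplied; purify it before it is interpolated into the status message.` Other controllers that build a "Saved ... %title" message from an item title are not visible here and presumably need the same check, together with their entries in the XSS golden file. The enclosing method starts and ends outside the hunk.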
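Review bot: The `catch (Exception $e)` directly after the corrected call still discards the exception (`// @todo log`) and sets `view_count` to 0, which is presumably why the undefined `$g2_album_id` went unnoticed: every failed lookup looked like an album with no views. Recording the failure would make the next mistake of this kind visible, e.g. `log::warning("g2_import", "View count lookup failed: " . $e->getMessage());` in place of the `@todo`, assuming the `log` helper offers `warning` next to the `success` call used elsewhere in this codebase. The catch block and the enclosing method continue outside the hunk.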
From: shadlaws Date: Tue, 7 May 2013 18:46:43 +0200 Subject: #2065 - Fix problems with double-ajaxifying of dialogs. Change all jQuery-ui widget _init() functions to _create() functions. --- lib/gallery.ajax.js | 2 +- lib/gallery.dialog.js | 2 +- lib/gallery.in_place_edit.js | 2 +- lib/gallery.panel.js | 2 +- modules/server_add/js/server_add.js | 2 +- modules/user/js/password_strength.js | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) (limited to 'modules') diff --git a/lib/gallery.ajax.js b/lib/gallery.ajax.js index 08f1fede..898bbd79 100644 --- a/lib/gallery.ajax.js +++ b/lib/gallery.ajax.js @@ -1,6 +1,6 @@ (function($) { $.widget("ui.gallery_ajax", { - _init: function() { + _create: function() { this.element.click(function(event) { eval("var ajax_handler = " + $(event.currentTarget).attr("data-ajax-handler")); $.get($(event.currentTarget).attr("href"), function(data) { diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js index 1c810171..6b4cd68d 100644 --- a/lib/gallery.dialog.js +++ b/lib/gallery.dialog.js @@ -7,7 +7,7 @@ resizable: false, position: "center" }, - _init: function() { + _create: function() { var self = this; if (!self.options.immediate) { this.element.click(function(event) { diff --git a/lib/gallery.in_place_edit.js b/lib/gallery.in_place_edit.js index 86a58856..560f86fa 100644 --- a/lib/gallery.in_place_edit.js +++ b/lib/gallery.in_place_edit.js @@ -2,7 +2,7 @@ $.widget("ui.gallery_in_place_edit", { options: {}, - _init: function() { + _create: function() { var self = this; this.element.click(function(event) { event.preventDefault(); diff --git a/lib/gallery.panel.js b/lib/gallery.panel.js index 877faf64..7b2460a4 100644 --- a/lib/gallery.panel.js +++ b/lib/gallery.panel.js @@ -1,6 +1,6 @@ (function($) { $.widget("ui.gallery_panel", { - _init: function() { + _create: function() { var self = this; this.element.click(function(event) { event.preventDefault(); 
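Review bot: In `lib/gallery.ajax.js` the click handler that `_create` registers still passes the element's `data-ajax-handler` attribute to `eval()`, so any markup that reaches the page with that attribute set is executed as script in the viewer's session. If the attribute only ever holds a handler name, it can be resolved against a fixed table instead, e.g. `var ajax_handler = handlers[$(event.currentTarget).attr("data-ajax-handler")];` (where `handlers` is a map the module would define; the name is illustrative), ignoring the click when the name is unknown. The remaining hunks of this commit are the same `_init` to `_create` rename and raise nothing further. The widget body continues outside the hunk.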
diff --git a/modules/server_add/js/server_add.js b/modules/server_add/js/server_add.js index a2499896..59901734 100644 --- a/modules/server_add/js/server_add.js +++ b/modules/server_add/js/server_add.js @@ -1,6 +1,6 @@ (function($) { $.widget("ui.gallery_server_add", { - _init: function() { + _create: function() { var self = this; $("#g-server-add-add-button", this.element).click(function(event) { event.preventDefault(); diff --git a/modules/user/js/password_strength.js b/modules/user/js/password_strength.js index c5fccc68..742db0ca 100644 --- a/modules/user/js/password_strength.js +++ b/modules/user/js/password_strength.js @@ -9,7 +9,7 @@ 'g-password-strength100'] }, - _init: function() { + _create: function() { var self = this; $(this.element).on("input keyup", function() { var strength = self.calculateStrength(this.value); -- cgit v1.2.3 From e4a3abdd207cce37c4f71ed87d0c420ec8539775 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 9 May 2013 20:04:01 -0400 Subject: Change upload code to use new uploadify urls. --- modules/gallery/tests/xss_data.txt | 2 +- modules/gallery/views/form_uploadify.html.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index d3d96878..8504de3a 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt 
@@ -180,7 +180,7 @@ modules/gallery/views/error_admin.html.php 286 DIRTY_ATTR $env modules/gallery/views/error_admin.html.php 296 DIRTY Kohana_Exception::safe_dump($value,$key) modules/gallery/views/form_uploadify.html.php 16 DIRTY_JS url::site("uploader/status/_S/_E") modules/gallery/views/form_uploadify.html.php 24 DIRTY_JS $flash_minimum_version -modules/gallery/views/form_uploadify.html.php 28 DIRTY_JS url::file("lib/uploadify/uploadify.swf") +modules/gallery/views/form_uploadify.html.php 28 DIRTY_JS url::file("lib/uploadify/uploadify.php") modules/gallery/views/form_uploadify.html.php 29 DIRTY_JS url::site("uploader/add_photo/{$album->id}") modules/gallery/views/form_uploadify.html.php 31 DIRTY_JS implode(";",$extensions) modules/gallery/views/form_uploadify.html.php 33 DIRTY_JS url::file("lib/uploadify/cancel.png") diff --git a/modules/gallery/views/form_uploadify.html.php b/modules/gallery/views/form_uploadify.html.php index c13e3418..4963d185 100644 --- a/modules/gallery/views/form_uploadify.html.php +++ b/modules/gallery/views/form_uploadify.html.php @@ -25,7 +25,7 @@ $("#g-uploadify").uploadify({ width: 298, height: 32, - uploader: "", + uploader: "", script: "id}") ?>", scriptData: , fileExt: "", -- cgit v1.2.3 From b6ad4157d1aae5849ad5608b90c62f1acf22e1a9 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 9 May 2013 20:09:15 -0400 Subject: Get rid of the security preamble - we intend for these files to be directly accessible. --- lib/uploadify/uploadify.allglyphs.php | 2 +- lib/uploadify/uploadify.php | 2 +- modules/gallery/tests/File_Structure_Test.php | 5 +++++ 3 files changed, 7 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/lib/uploadify/uploadify.allglyphs.php b/lib/uploadify/uploadify.allglyphs.php index e784b9b0..18b75a50 100644 --- a/lib/uploadify/uploadify.allglyphs.php +++ b/lib/uploadify/uploadify.allglyphs.php 
@@ -1,4 +1,4 @@ - Date: Tue, 14 May 2013 13:35:09 +0200 Subject: #2069 - Change "Fix your Gallery" task go faster and be more comprehensive. - optimize MPTT pointer rebuilding for leaf nodes (i.e. non-albums). - reverse order_by to try and preserve existing tree ordering. - reset item level while we're here. - use "$stack[] = 123" instead of array_push($stack, 123) since it's faster. --HG-- extra : source : 297e4c0eccc5a7940224ff8e908b366e83017354 --- modules/gallery/helpers/gallery_task.php | 50 ++++++++++++++++++++++---------- 1 file changed, 34 insertions(+), 16 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php index a79cb2d5..ac98831b 100644 --- a/modules/gallery/helpers/gallery_task.php +++ b/modules/gallery/helpers/gallery_task.php 
@@ -398,42 +398,60 @@ class gallery_task_Core { switch ($state) { case self::FIX_STATE_START_MPTT: $task->set("ptr", $ptr = 1); - $task->set("stack", item::root()->id . ":L"); + $task->set("stack", item::root()->id . ":album:1:L"); $state = self::FIX_STATE_RUN_MPTT; break; case self::FIX_STATE_RUN_MPTT: $ptr = $task->get("ptr"); $stack = explode(" ", $task->get("stack")); - list ($id, $ptr_mode) = explode(":", array_pop($stack)); + list ($id, $type, $level, $ptr_mode) = explode(":", array_pop($stack)); if ($ptr_mode == "L") { - $stack[] = "$id:R"; - db::build() - ->update("items") - ->set("left_ptr", $ptr++) - ->where("id", "=", $id) - ->execute(); + if ($type == "album") { + // Albums could be parent nodes. + $stack[] = "$id:$type:$level:R"; + db::build() + ->update("items") + ->set("left_ptr", $ptr++) + ->where("id", "=", $id) + ->execute(); - foreach (db::build() - ->select(array("id")) - ->from("items") - ->where("parent_id", "=", $id) - ->order_by("left_ptr", "ASC") - ->execute() as $child) { - array_push($stack, "{$child->id}:L"); + $level++; + foreach (db::build() + ->select(array("id", "type")) + ->from("items") + ->where("parent_id", "=", $id) + ->order_by("left_ptr", "DESC") // DESC since array_pop effectively reverses them + ->execute() as $child) { + $stack[] = "{$child->id}:{$child->type}:$level:L"; + } + $completed++; + } else { + // Non-albums must be leaf nodes. 
+ db::build() + ->update("items") + ->set("left_ptr", $ptr++) + ->set("right_ptr", $ptr++) + ->set("level", $level) + ->set("relative_path_cache", null) + ->set("relative_url_cache", null) + ->where("id", "=", $id) + ->execute(); + $completed += 2; // we updated two pointers } } else if ($ptr_mode == "R") { db::build() ->update("items") ->set("right_ptr", $ptr++) + ->set("level", $level) ->set("relative_path_cache", null) ->set("relative_url_cache", null) ->where("id", "=", $id) ->execute(); + $completed++; } $task->set("ptr", $ptr); $task->set("stack", implode(" ", $stack)); - $completed++; if (empty($stack)) { $state = self::FIX_STATE_START_DUPE_SLUGS; -- cgit v1.2.3 From 6f922ca427ff94937904979d02e6fba063effd77 Mon Sep 17 00:00:00 2001 From: shadlaws Date: Wed, 15 May 2013 11:16:46 +0200 Subject: Follow-on to #2069 - Decrease stack size of MPTT rebuild task. This reduces the likelihood that we'll hit a limit with gargantuan galleries. --HG-- extra : source : c4a118d43145a2a4ec9b934d3aebe8f9458bcf07 --- modules/gallery/helpers/gallery_task.php | 70 ++++++++++++++++---------------- 1 file changed, 36 insertions(+), 34 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php index ac98831b..618cf8fd 100644 --- a/modules/gallery/helpers/gallery_task.php +++ b/modules/gallery/helpers/gallery_task.php 
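Review bot: The new non-album branch treats every item whose `type` is not `"album"` as a leaf and no longer queries for its children, whereas the removed code selected children for every popped id. This is the repair task, so the table may be in exactly the state where that assumption fails: a row whose `parent_id` points at a photo or movie is never pushed on the stack and keeps its stale `left_ptr`, `right_ptr` and `level`. The comment should at least state the limitation, e.g. `// Non-albums are assumed to be leaves; items parented to a non-album are not visited here.`, or an earlier fix-up state should re-parent such rows first. The `switch` and the enclosing function start and end outside the hunk.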
@@ -398,48 +398,50 @@ class gallery_task_Core { switch ($state) { case self::FIX_STATE_START_MPTT: $task->set("ptr", $ptr = 1); - $task->set("stack", item::root()->id . ":album:1:L"); + $task->set("stack", item::root()->id . "L1"); $state = self::FIX_STATE_RUN_MPTT; break; case self::FIX_STATE_RUN_MPTT: $ptr = $task->get("ptr"); $stack = explode(" ", $task->get("stack")); - list ($id, $type, $level, $ptr_mode) = explode(":", array_pop($stack)); - if ($ptr_mode == "L") { - if ($type == "album") { - // Albums could be parent nodes. - $stack[] = "$id:$type:$level:R"; - db::build() - ->update("items") - ->set("left_ptr", $ptr++) - ->where("id", "=", $id) - ->execute(); + preg_match("/([0-9]+)([A-Z])([0-9]+)/", array_pop($stack), $matches); // e.g. "12345L10" + list ( , $id, $ptr_mode, $level) = $matches; // Skip the 0th entry of matches. + switch ($ptr_mode) { + case "L": + // Albums could be parent nodes. + $stack[] = "{$id}R{$level}"; + db::build() + ->update("items") + ->set("left_ptr", $ptr++) + ->where("id", "=", $id) + ->execute(); - $level++; - foreach (db::build() - ->select(array("id", "type")) - ->from("items") - ->where("parent_id", "=", $id) - ->order_by("left_ptr", "DESC") // DESC since array_pop effectively reverses them - ->execute() as $child) { - $stack[] = "{$child->id}:{$child->type}:$level:L"; - } - $completed++; - } else { - // Non-albums must be leaf nodes. - db::build() - ->update("items") - ->set("left_ptr", $ptr++) - ->set("right_ptr", $ptr++) - ->set("level", $level) - ->set("relative_path_cache", null) - ->set("relative_url_cache", null) - ->where("id", "=", $id) - ->execute(); - $completed += 2; // we updated two pointers + $level++; + foreach (db::build() + ->select(array("id", "type")) + ->from("items") + ->where("parent_id", "=", $id) + ->order_by("left_ptr", "DESC") // DESC since array_pop effectively reverses them + ->execute() as $child) { + $stack[] = ($child->type == "album") ? 
"{$child->id}L{$level}" : "{$child->id}B{$level}"; } - } else if ($ptr_mode == "R") { + $completed++; + break; + case "B": + // Non-albums must be leaf nodes. + db::build() + ->update("items") + ->set("left_ptr", $ptr++) + ->set("right_ptr", $ptr++) + ->set("level", $level) + ->set("relative_path_cache", null) + ->set("relative_url_cache", null) + ->where("id", "=", $id) + ->execute(); + $completed += 2; // we updated two pointers + break; + case "R": db::build() ->update("items") ->set("right_ptr", $ptr++) -- cgit v1.2.3
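Review bot: The return value of `preg_match()` on the popped stack entry is not checked and the pattern is unanchored, so an entry that does not match leaves `$matches` empty and `list()` assigns nulls. Unless a `default` case exists outside the hunk, the `switch` then drops the entry without updating any row. This can happen when a task whose stack was saved in the previous `id:type:level:L` format is resumed after the upgrade, and the tree is left partly rebuilt with no error. Anchoring the pattern, restricting the mode letter and failing loudly would catch it: `if (!preg_match("/^([0-9]+)([LBR])([0-9]+)$/", array_pop($stack), $matches)) { throw new Exception("Malformed MPTT stack entry"); }`.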