From fc942aacda07346fa9af04853659eaeac1e766d3 Mon Sep 17 00:00:00 2001 From: "Thomas E. Horner" Date: Fri, 8 Jul 2011 09:33:51 +0200 Subject: availability of rss is now configurable --- modules/comment/controllers/admin_comments.php | 9 +++++++++ modules/comment/helpers/comment_installer.php | 8 +++++++- modules/comment/helpers/comment_rss.php | 12 ++++++++++-- 3 files changed, 26 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/comment/controllers/admin_comments.php b/modules/comment/controllers/admin_comments.php index 1e24ac9b..3fc7b638 100644 --- a/modules/comment/controllers/admin_comments.php +++ b/modules/comment/controllers/admin_comments.php @@ -32,6 +32,8 @@ class Admin_Comments_Controller extends Admin_Controller { $form->validate(); module::set_var("comment", "access_permissions", $form->comment_settings->access_permissions->value); + module::set_var("comment", "rss_available", + $form->comment_settings->rss_available->value); message::success(t("Comment settings updated")); url::redirect("admin/comments"); } @@ -45,6 +47,13 @@ class Admin_Comments_Controller extends Admin_Controller { ->options(array("everybody" => t("Everybody"), "registered_users" => t("Only registered users"))) ->selected(module::get_var("comment", "access_permissions")); + $comment_settings->dropdown("rss_available") + ->label(t("Which RSS feeds should be available?")) + ->options(array("both" => t("Both"), + "newest" => t("Only All new comments"), + "onitem" => t("Only Comments on item"), + "none" => t("None"))) + ->selected(module::get_var("comment", "rss_available")); $comment_settings->submit("save")->value(t("Save")); return $form; } diff --git a/modules/comment/helpers/comment_installer.php b/modules/comment/helpers/comment_installer.php index 5c6bd586..327e4941 100644 --- a/modules/comment/helpers/comment_installer.php +++ b/modules/comment/helpers/comment_installer.php 
@@ -48,7 +48,8 @@ class comment_installer { module::set_var("comment", "spam_caught", 0); module::set_var("comment", "access_permissions", "everybody"); - module::set_version("comment", 4); + module::set_var("comment", "rss_available", "both"); + module::set_version("comment", 5); } static function upgrade($version) { @@ -75,6 +76,11 @@ class comment_installer { "ALTER TABLE {comments} CHANGE `server_remote_host` `server_remote_host` varchar(255)"); module::set_version("comment", $version = 4); } + + if ($version == 4) { + module::set_var("comment", "rss_available", "both"); + module::set_version("comment", $version = 5); + } } static function uninstall() { diff --git a/modules/comment/helpers/comment_rss.php b/modules/comment/helpers/comment_rss.php index d04e74cf..dd6efd87 100644 --- a/modules/comment/helpers/comment_rss.php +++ b/modules/comment/helpers/comment_rss.php @@ -20,8 +20,16 @@ class comment_rss_Core { static function available_feeds($item, $tag) { - $feeds["comment/newest"] = t("All new comments"); - if ($item) { + $avail = module::get_var("comment", "rss_available"); + if($avail == "none") { + return array(); + } + + if($avail == "both" || $avail == "newest") { + $feeds["comment/newest"] = t("All new comments"); + } + + if ($item && ($avail == "both" || $avail == "onitem")) { $feeds["comment/item/$item->id"] = t("Comments on %title", array("title" => html::purify($item->title))); } -- cgit v1.2.3 From 2475bcd60cb89a40306d3bd4eac4406cfcbac82f Mon Sep 17 00:00:00 2001 From: Maxim Rubis Date: Mon, 26 Mar 2012 21:19:36 -0400 Subject: Fixed Delete button --- modules/server_add/views/admin_server_add.html.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/server_add/views/admin_server_add.html.php b/modules/server_add/views/admin_server_add.html.php index 474ad428..176cff72 100644 --- a/modules/server_add/views/admin_server_add.html.php +++ b/modules/server_add/views/admin_server_add.html.php 
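Review bot: The new `rss_available` setting is consulted only in `available_feeds()`, which builds the list of advertised feed links. Nothing in this hunk gates the feed output itself, so a feed configured as hidden is presumably still served to anyone who requests its URL directly. If the setting is meant to restrict access rather than tidy the UI, the same check belongs at the top of `feed()`, which lies outside the hunk. Separately, `$feeds` is no longer assigned on every path (for example `onitem` with no `$item`), so whatever is returned after the hunk can be undefined; `$feeds = array();` before the first `if` avoids that.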
@@ -26,7 +26,7 @@ $("document").ready(function() { $path): ?>
  • - ") ?>" + -- cgit v1.2.3 From 7d66ab2e949bc915f108737f08cac2f9057ef729 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 29 Mar 2012 13:06:44 -0700 Subject: Improve comment RSS feed visibility, initially added by Thomas E. Horner in fc942aacda07346fa9af04853659eaeac1e766d3. Change some variable names, refactor out visibility checking code, actually check visibility at generation time instead of just suppressing the UI, update module.info Fixes #1829. --- modules/comment/controllers/admin_comments.php | 13 ++++++------- modules/comment/helpers/comment_installer.php | 2 +- modules/comment/helpers/comment_rss.php | 20 +++++++++++++------- modules/comment/module.info | 2 +- 4 files changed, 21 insertions(+), 16 deletions(-) (limited to 'modules') diff --git a/modules/comment/controllers/admin_comments.php b/modules/comment/controllers/admin_comments.php index 684ce15d..bcd6a939 100644 --- a/modules/comment/controllers/admin_comments.php +++ b/modules/comment/controllers/admin_comments.php @@ -47,13 +47,12 @@ class Admin_Comments_Controller extends Admin_Controller { ->options(array("everybody" => t("Everybody"), "registered_users" => t("Only registered users"))) ->selected(module::get_var("comment", "access_permissions")); - $comment_settings->dropdown("rss_available") - ->label(t("Which RSS feeds should be available?")) - ->options(array("both" => t("Both"), - "newest" => t("Only All new comments"), - "onitem" => t("Only Comments on item"), - "none" => t("None"))) - ->selected(module::get_var("comment", "rss_available")); + $comment_settings->dropdown("rss_visible") + ->label(t("Which RSS feeds can users see?")) + ->options(array("all" => t("All comment feeds"), + "newest" => t("New comments feed only"), + "per_item" => t("Comments on photos, movies and albums only"))) + ->selected(module::get_var("comment", "rss_visible")); $comment_settings->submit("save")->value(t("Save")); return $form; } 
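Review bot: The dropdown is renamed to `rss_visible` here, but the save handler earlier in this controller is not touched, so it presumably still reads `$form->comment_settings->rss_available->value` and writes the `rss_available` variable. The file's diffstat is fully accounted for by the lines in this hunk, which supports that reading. If so, the admin's choice is never stored under the name `feed_visible()` reads, and the handler should become `module::set_var("comment", "rss_visible", $form->comment_settings->rss_visible->value);`. The same incomplete rename appears to affect `install()` in comment_installer.php, where only the version-4 upgrade branch is switched to `rss_visible`. With the variable unset, `feed_visible()` returns false for every feed, which fails closed but hides all comment feeds on a fresh install.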
diff --git a/modules/comment/helpers/comment_installer.php b/modules/comment/helpers/comment_installer.php index e8d5e82c..a64064f6 100644 --- a/modules/comment/helpers/comment_installer.php +++ b/modules/comment/helpers/comment_installer.php @@ -78,7 +78,7 @@ class comment_installer { } if ($version == 4) { - module::set_var("comment", "rss_available", "both"); + module::set_var("comment", "rss_visible", "all"); module::set_version("comment", $version = 5); } } diff --git a/modules/comment/helpers/comment_rss.php b/modules/comment/helpers/comment_rss.php index 919aac95..cfee4727 100644 --- a/modules/comment/helpers/comment_rss.php +++ b/modules/comment/helpers/comment_rss.php @@ -19,17 +19,23 @@ */ class comment_rss_Core { - static function available_feeds($item, $tag) { - $avail = module::get_var("comment", "rss_available"); - if($avail == "none") { - return array(); + static function feed_visible($feed_id) { + $visible = module::get_var("comment", "rss_visible"); + if (!in_array($feed_id, array("newest", "per_item"))) { + return false; } - if($avail == "both" || $avail == "newest") { + return ($visible == "all" || $visible == $feed_id); + } + + static function available_feeds($item, $tag) { + $feeds = array(); + + if (comment_rss::feed_visible("newest")) { $feeds["comment/newest"] = t("All new comments"); } - if ($item && ($avail == "both" || $avail == "onitem")) { + if ($item && comment_rss::feed_visible("per_item")) { $feeds["comment/item/$item->id"] = t("Comments on %title", array("title" => html::purify($item->title))); } @@ -37,7 +43,7 @@ class comment_rss_Core { } static function feed($feed_id, $offset, $limit, $id) { - if ($feed_id != "newest" && $feed_id != "item") { + if (!comment_rss::feed_visible($feed_id)) { return; } diff --git a/modules/comment/module.info b/modules/comment/module.info index 4e7df6f1..ecbf8885 100644 --- a/modules/comment/module.info +++ b/modules/comment/module.info 
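Review bot: `feed()` now delegates to `feed_visible($feed_id)`, which accepts only `newest` and `per_item`, whereas the removed check accepted `item` and `available_feeds()` still advertises `comment/item/$item->id`. Unless the dispatcher maps that URL to `per_item`, every per-item feed request is now rejected regardless of the setting. Either advertise `comment/per_item/...` and use that id throughout `feed()`, or translate in the guard: `$key = ($feed_id == "item") ? "per_item" : $feed_id;` followed by `if (!comment_rss::feed_visible($key)) { return; }`. The body of `feed()` continues outside the hunk, so later uses of `$feed_id` need the same check.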
@@ -1,6 +1,6 @@ name = "Comments" description = "Allows users and guests to leave comments on photos and albums." -version = 4 +version = 5 author_name = "Gallery Team" author_url = "http://codex.gallery2.org/Gallery:Team" info_url = "http://codex.gallery2.org/Gallery3:Modules:comment" -- cgit v1.2.3 From 7ba0b1b75ca2b3ff720f7ddf0e03db882a65353d Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 1 Apr 2012 11:36:16 -0700 Subject: Restrict valid urls to having a http:// or https:// prefix. Fixes #1830. --- modules/gallery/helpers/MY_valid.php | 26 ++++++++++++++++++++++++++ modules/gallery/tests/Valid_Test.php | 28 ++++++++++++++++++++++++++++ modules/user/controllers/users.php | 3 ++- 3 files changed, 56 insertions(+), 1 deletion(-) create mode 100644 modules/gallery/helpers/MY_valid.php create mode 100644 modules/gallery/tests/Valid_Test.php (limited to 'modules') diff --git a/modules/gallery/helpers/MY_valid.php b/modules/gallery/helpers/MY_valid.php new file mode 100644 index 00000000..68712302 --- /dev/null +++ b/modules/gallery/helpers/MY_valid.php @@ -0,0 +1,26 @@ +assert_true(valid::url("http://foo.bar.com")); + $this->assert_true(valid::url("https://foo.bar.com")); + + $this->assert_false(valid::url("mailto://bar")); + $this->assert_false(valid::url("ftp://bar")); + } +} \ No newline at end of file diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php index 441a41bf..0f880fa9 100644 --- a/modules/user/controllers/users.php +++ b/modules/user/controllers/users.php 
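Review bot: The new Valid_Test cases reject `mailto:` and `ftp:` but include none of the schemes that make this check security-relevant when a profile URL is later rendered as a link, such as `javascript:` or `data:`. Adding `$this->assert_false(valid::url("javascript:void(0)"));` and a mixed-case accept case such as `$this->assert_true(valid::url("HTTP://foo.bar.com"));` would pin the behaviour the commit title promises. The body of the new `valid::url()` is not legible in this hunk, so this note is about test coverage only.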
@@ -209,7 +209,8 @@ class Users_Controller extends Controller { $group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name) ->error_messages("length", t("Your name is too long")); self::_add_locale_dropdown($group, $user); - $group->input("url")->label(t("URL"))->id("g-url")->value($user->url); + $group->input("url")->label(t("URL"))->id("g-url")->value($user->url) + ->error_messages("url", t("You must enter a valid url")); module::event("user_edit_form", $user, $form); $group->submit("")->value(t("Save")); -- cgit v1.2.3 From f6dac703eceb95ee6af66983e1a77e052446ac2f Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 1 Apr 2012 11:53:34 -0700 Subject: Try a different approach at filtering. Fixes #1831. --- modules/gallery/views/admin_advanced_settings.html.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php index d4f646f8..8d21d890 100644 --- a/modules/gallery/views/admin_advanced_settings.html.php +++ b/modules/gallery/views/admin_advanced_settings.html.php @@ -43,9 +43,9 @@ var filter = $(this).attr("value"); if (filter) { $("tr.setting-row").fadeOut("fast"); - $("tr.setting-row td:contains(" + filter + "), tr.setting-row td a:contains(" + filter + ")").each(function() { - if ($(this).children().length < 1) { - $(this).closest("tr").stop().show(); + $("tr.setting-row").each(function() { + if ($(this).text().indexOf(filter) > 0) { + $(this).stop().show(); } }); } else { -- cgit v1.2.3 From cd46dc479cf975cbb843c360f1240203aebfcb32 Mon Sep 17 00:00:00 2001 
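Review bot: In the admin_advanced_settings filter, `$(this).text().indexOf(filter) > 0` skips a row whose text begins with the filter string, because `indexOf` returns 0 for a match at position zero. The line should read `if ($(this).text().indexOf(filter) >= 0) {`. Dropping the string-built `:contains(" + filter + ")` selector is the right direction, since the typed value no longer ends up inside a jQuery selector. The comparison is still case-sensitive, which may or may not be intended, and the enclosing handler starts and ends outside the hunk.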
From: Bharat Mediratta Date: Sun, 1 Apr 2012 12:39:48 -0700 Subject: Beef up the random number generator by using Joomla's new implementation. --- modules/gallery/helpers/random.php | 6 +- modules/gallery/vendor/joomla/crypt.php | 151 ++++++++++++++++++++++++++++++++ modules/rest/helpers/rest_event.php | 6 +- 3 files changed, 158 insertions(+), 5 deletions(-) create mode 100644 modules/gallery/vendor/joomla/crypt.php (limited to 'modules') diff --git a/modules/gallery/helpers/random.php b/modules/gallery/helpers/random.php index 0ee83f49..ea08815a 100644 --- a/modules/gallery/helpers/random.php +++ b/modules/gallery/helpers/random.php @@ -17,13 +17,15 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ + class random_Core { /** * Return a random 32 byte hash value. * @param string extra entropy data */ - static function hash($entropy="") { - return md5($entropy . uniqid(mt_rand(), true)); + static function hash($length=32) { + require_once(MODPATH . "gallery/vendor/joomla/crypt.php"); + return md5(JCrypt::genRandomBytes($length)); } /** diff --git a/modules/gallery/vendor/joomla/crypt.php b/modules/gallery/vendor/joomla/crypt.php new file mode 100644 index 00000000..c7d477dd --- /dev/null +++ b/modules/gallery/vendor/joomla/crypt.php 
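Review bot: `random::hash()` changes the meaning of its only parameter from an entropy string to a byte count, so any caller outside this patch that still uses the old `random::hash($user->name)` form would now hand that string to `JCrypt::genRandomBytes()` as a length. The docblock was not updated either: it should say something like `@param int $length number of random bytes to hash`, and note that the result is a 32-character hex MD5 digest, so at most 128 bits whatever `$length` is. A guard such as `$length = max(16, (int) $length);` would keep a stray argument from silently shrinking the input. The rest of the class lies outside the hunk.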
@@ -0,0 +1,151 @@ += 0 + || substr(PHP_OS, 0, 3) !== 'WIN' + ) + ) + { + $sslStr = openssl_random_pseudo_bytes($length, $strong); + if ($strong) + { + return $sslStr; + } + } + + /* + * Collect any entropy available in the system along with a number + * of time measurements of operating system randomness. + */ + $bitsPerRound = 2; + $maxTimeMicro = 400; + $shaHashLength = 20; + $randomStr = ''; + $total = $length; + + // Check if we can use /dev/urandom. + $urandom = false; + $handle = null; + if (function_exists('stream_set_read_buffer') && @is_readable('/dev/urandom')) + { + $handle = @fopen('/dev/urandom', 'rb'); + if ($handle) + { + $urandom = true; + } + } + + while ($length > strlen($randomStr)) + { + $bytes = ($total > $shaHashLength)? $shaHashLength : $total; + $total -= $bytes; + /* + * Collect any entropy available from the PHP system and filesystem. + * If we have ssl data that isn't strong, we use it once. + */ + $entropy = rand() . uniqid(mt_rand(), true) . $sslStr; + $entropy .= implode('', @fstat(fopen( __FILE__, 'r'))); + $entropy .= memory_get_usage(); + $sslStr = ''; + if ($urandom) + { + stream_set_read_buffer($handle, 0); + $entropy .= @fread($handle, $bytes); + } + else + { + /* + * There is no external source of entropy so we repeat calls + * to mt_rand until we are assured there's real randomness in + * the result. + * + * Measure the time that the operations will take on average. + */ + $samples = 3; + $duration = 0; + for ($pass = 0; $pass < $samples; ++$pass) + { + $microStart = microtime(true) * 1000000; + $hash = sha1(mt_rand(), true); + for ($count = 0; $count < 50; ++$count) + { + $hash = sha1($hash, true); + } + $microEnd = microtime(true) * 1000000; + $entropy .= $microStart . 
$microEnd; + if ($microStart > $microEnd) { + $microEnd += 1000000; + } + $duration += $microEnd - $microStart; + } + $duration = $duration / $samples; + + /* + * Based on the average time, determine the total rounds so that + * the total running time is bounded to a reasonable number. + */ + $rounds = (int)(($maxTimeMicro / $duration) * 50); + + /* + * Take additional measurements. On average we can expect + * at least $bitsPerRound bits of entropy from each measurement. + */ + $iter = $bytes * (int) ceil(8 / $bitsPerRound); + for ($pass = 0; $pass < $iter; ++$pass) + { + $microStart = microtime(true); + $hash = sha1(mt_rand(), true); + for ($count = 0; $count < $rounds; ++$count) + { + $hash = sha1($hash, true); + } + $entropy .= $microStart . microtime(true); + } + } + + $randomStr .= sha1($entropy, true); + } + + if ($urandom) + { + @fclose($handle); + } + + return substr($randomStr, 0, $length); + } +} diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php index 0204eb55..ec500884 100644 --- a/modules/rest/helpers/rest_event.php +++ b/modules/rest/helpers/rest_event.php @@ -43,7 +43,7 @@ class rest_event { static function user_add_form_admin_completed($user, $form) { $key = ORM::factory("user_access_key"); $key->user_id = $user->id; - $key->access_key = random::hash($user->name); + $key->access_key = random::hash(); $key->save(); } @@ -64,7 +64,7 @@ class rest_event { if (!$key->loaded()) { $key->user_id = $user->id; - $key->access_key = random::hash($user->name); + $key->access_key = random::hash(); $key->save(); } @@ -93,7 +93,7 @@ class rest_event { if (!$key->loaded()) { $key->user_id = $data->user->id; - $key->access_key = random::hash($data->user->name); + $key->access_key = random::hash(); $key->save(); } $view->rest_key = $key->access_key; -- cgit v1.2.3 From daea22c6b3ed760177b51fbdd28c197f9d928274 Mon Sep 17 00:00:00 2001 
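Review bot: The three rest_event.php call sites create a key only for a newly added user or inside `if (!$key->loaded())`, so access keys issued under the old `md5($entropy . uniqid(mt_rand(), true))` scheme stay in the stored `user_access_key` records unchanged. If the stronger generator matters for REST keys, an upgrade step that regenerates existing keys, or a way for users to reset theirs, should accompany this change; none is visible in the patch. The enclosing functions start and end outside these hunks.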
From: Bharat Mediratta Date: Sun, 1 Apr 2012 14:07:50 -0700 Subject: Exclude modules/gallery/vendor/joomla from some structure tests --- modules/gallery/tests/File_Structure_Test.php | 1 + modules/gallery/tests/Gallery_Filters.php | 1 + 2 files changed, 2 insertions(+) (limited to 'modules') diff --git a/modules/gallery/tests/File_Structure_Test.php b/modules/gallery/tests/File_Structure_Test.php index ad0f8111..3d2079e5 100644 --- a/modules/gallery/tests/File_Structure_Test.php +++ b/modules/gallery/tests/File_Structure_Test.php @@ -101,6 +101,7 @@ class File_Structure_Test extends Gallery_Unit_Test_Case { $expected_4 = array(" Date: Sun, 1 Apr 2012 14:09:08 -0700 Subject: "public static" -> "static" --- modules/gallery/helpers/MY_valid.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/helpers/MY_valid.php b/modules/gallery/helpers/MY_valid.php index 68712302..ee17267a 100644 --- a/modules/gallery/helpers/MY_valid.php +++ b/modules/gallery/helpers/MY_valid.php @@ -18,7 +18,7 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class valid extends valid_Core { - public static function url($url) { + static function url($url) { return valid_Core::url($url) && (!strncasecmp($url, "http://", strlen("http://")) || !strncasecmp($url, "https://", strlen("https://"))); -- cgit v1.2.3